Paper 2007/390

Implementing Cryptographic Pairings over Barreto-Naehrig Curves

Augusto Jun Devegili, Michael Scott, and Ricardo Dahab


In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard 32-bit PC and on a 32-bit smartcard. First we introduce a sub-family of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implementation of field arithmetic in $\mathbb{F}_{p^{12}}$, which is crucial to good performance. Various optimisations are suggested, including a novel approach to the 'final exponentiation', which is faster and requires less memory than the methods previously recommended.

Note: An implementation error resulting in inflated execution times has been fixed. Use of projective coordinates improves Ate pairing timings.

Publication info
Published elsewhere. Corrected and Improved version of paper from Pairing 2007, Tokyo, Japan, LNCS 4575
Contact author(s)
mike @ computing dcu ie
2008-10-31: revised
2007-10-04: received
Creative Commons Attribution


      author = {Augusto Jun Devegili and Michael Scott and Ricardo Dahab},
      title = {Implementing Cryptographic Pairings over Barreto-Naehrig Curves},
      howpublished = {Cryptology ePrint Archive, Paper 2007/390},
      year = {2007},