Paper 2008/417

On the security of pairing-friendly abelian varieties over non-prime fields

Naomi Benger, Manuel Charlemagne, and David Freeman


Let $A$ be an abelian variety defined over a non-prime finite field $\F_{q}$ that has embedding degree $k$ with respect to a subgroup of prime order $r$. In this paper we give explicit conditions on $q$, $k$, and $r$ that imply that the minimal embedding field of $A$ with respect to $r$ is $\F_{q^k}$. When these conditions hold, the embedding degree $k$ is a good measure of the security level of a pairing-based cryptosystem that uses $A$. We apply our theorem to supersingular elliptic curves and to supersingular genus 2 curves, in each case computing a maximum $\rho$-value for which the minimal embedding field must be $\F_{q^k}$. Our results are in most cases stronger (i.e., give larger allowable $\rho$-values) than previously known results for supersingular varieties, and our theorem holds for general abelian varieties, not only supersingular ones.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
pairing-friendly abelian varietiesnon-prime fieldssecurity
Contact author(s)
nbenger @ computing dcu ie
2009-03-10: last of 7 revisions
2008-10-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Naomi Benger and Manuel Charlemagne and David Freeman},
      title = {On the security of pairing-friendly abelian varieties over non-prime fields},
      howpublished = {Cryptology ePrint Archive, Paper 2008/417},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.