Paper 2009/556

Constructing Tower Extensions for the implementation of Pairing-Based Cryptography

Naomi Benger and Michael Scott


A cryptographic pairing evaluates as an element in an extension field, and the evaluation itself involves a considerable amount of extension field arithmetic. It is recognised that organising the extension field as a ``tower'' of subfield extensions has many advantages. Here we consider criteria that apply when choosing the best towering construction, and the associated choice of irreducible polynomials for the implementation of pairing-based cryptosystems. We introduce a method for automatically constructing efficient towers for more congruency classes than previous methods, some of which allow faster arithmetic.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Pairing implementationpairing-based cryptosystems
Contact author(s)
nbenger @ computing dcu ie
2010-08-02: last of 8 revisions
2009-11-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Naomi Benger and Michael Scott},
      title = {Constructing Tower Extensions for the implementation of Pairing-Based Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2009/556},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.