Paper 2010/559

Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves

Diego F. Aranha, Jean-Luc Beuchat, Jérémie Detrey, and Nicolas Estibals

Abstract

This article presents a novel pairing algorithm over supersingular genus-$2$ binary hyperelliptic curves. Starting from Vercauteren's work on optimal pairings, we describe how to exploit the action of the $2^{3m}$-th power Verschiebung in order to reduce the loop length of Miller's algorithm even further than the genus-$2$ $\eta_T$ approach. As a proof of concept, we detail an optimized software implementation and an FPGA accelerator for computing the proposed optimal Eta pairing on a genus-$2$ hyperelliptic curve over $\mathbb{F}_{2^{367}}$, which satisfies the recommended security level of $128$ bits. These designs achieve favourable performance in comparison with the best known implementations of $128$-bit-security Type-1 pairings from the literature.

Note: Updated version, incorporating remarks and comments from anonymous Eurocrypt and CT-RSA reviewers.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Optimal Eta pairing, supersingular genus-2 curve, software implementation, FPGA implementation
Contact author(s)
Jeremie Detrey @ loria fr
History
2011-11-23: last of 3 revisions
2010-11-03: received
Short URL
https://ia.cr/2010/559
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/559,
      author = {Diego F. Aranha and Jean-Luc Beuchat and Jérémie Detrey and Nicolas Estibals},
      title = {Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/559},
      year = {2010},
      url = {https://eprint.iacr.org/2010/559}
}