Paper 2018/193

A New Family of Pairing-Friendly elliptic curves

Michael Scott and Aurore Guillevic

Abstract

There have been recent advances in solving the finite extension field discrete logarithm problem as it arises in the context of pairing-friendly elliptic curves. This has lead to the abandonment of approaches based on super-singular curves of small characteristic, and to the reconsideration of the field sizes required for implementation based on non-supersingular curves of large characteristic. This has resulted in a revision of recommendations for suitable curves, particularly at a higher level of security. Indeed for AES-256 levels of security the BLS48 curves have been suggested, and demonstrated to be superior to other candidates. These curves have an embedding degree of 48. The well known taxonomy of Freeman, Scott and Teske only considered curves with embedding degrees up to 50. Given some uncertainty around the constants that apply to the best discrete logarithm algorithm, it would seem to be prudent to push a little beyond 50. In this note we announce the discovery of a new family of pairing friendly elliptic curves which includes a new construction for a curve with an embedding degree of 54.

Note: New author added. New material added.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Contact author(s)
mike scott @ miracl com
History
2018-05-21: last of 4 revisions
2018-02-22: received
See all versions
Short URL
https://ia.cr/2018/193
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/193,
      author = {Michael Scott and Aurore Guillevic},
      title = {A New Family of Pairing-Friendly elliptic curves},
      howpublished = {Cryptology ePrint Archive, Paper 2018/193},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/193}},
      url = {https://eprint.iacr.org/2018/193}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.