Paper 2019/431

Cocks-Pinch curves of embedding degrees five to eight and optimal ate pairing computation

Aurore Guillevic, Simon Masson, and Emmanuel Thomé

Abstract

Recent algorithmic improvements of discrete logarithm computation in special extension fields threaten the security of pairing-friendly curves used in practice. A possible answer to this delicate situation is to propose alternative curves that are immune to these attacks, without compromising the efficiency of the pairing computation too much. We follow this direction, and focus on embedding degrees 5 to 8; we extend the Cocks-Pinch algorithm to obtain pairing-friendly curves with an efficient ate pairing. We carefully select our curve parameters so as to thwart possible attacks by “special” or “tower” Number Field Sieve algorithms. We target a 128-bit security level, and back this security claim by time estimates for the DLP computation. We also compare the efficiency of the optimal ate pairing computation on these curves to k = 12 curves (Barreto–Naehrig,Barreto–Lynn–Scott), k = 16 curves (Kachisa–Schaefer–Scott) and k = 1 curves (Chatterjee–Menezes–Rodríguez-Henríquez).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Contact author(s)
simon masson @ loria fr
History
2019-10-01: revised
2019-04-28: received
See all versions
Short URL
https://ia.cr/2019/431
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/431,
      author = {Aurore Guillevic and Simon Masson and Emmanuel Thomé},
      title = {Cocks-Pinch curves of embedding degrees five to eight and optimal ate pairing computation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/431},
      year = {2019},
      url = {https://eprint.iacr.org/2019/431}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.