Paper 2022/1662

Revisiting cycles of pairing-friendly elliptic curves

Marta Bellés-Muñoz, Dusk Network, Pompeu Fabra University
Jorge Jiménez Urroz, Polytechnic University of Catalonia, Technical University of Madrid
Javier Silva, Dusk Network
Abstract

A recent area of interest in cryptography is recursive composition of proof systems. One of the approaches to make recursive composition efficient involves cycles of pairing-friendly elliptic curves of prime order. However, known constructions have very low embedding degrees. This entails large parameter sizes, which makes the overall system inefficient. In this paper, we explore $2$-cycles composed of curves from families parameterized by polynomials, and show that such cycles do not exist unless a strong condition holds. As a consequence, we prove that no $2$-cycles can arise from the known families, except for those cycles already known. Additionally, we show some general properties about cycles, and provide a detailed computation on the density of pairing-friendly cycles among all cycles.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
elliptic curvespairing-friendly curveszero-knowledge proofsrecursive composition
Contact author(s)
marta @ dusk network
jorge urroz @ upc edu
javier @ dusk network
History
2023-05-26: last of 3 revisions
2022-11-29: received
See all versions
Short URL
https://ia.cr/2022/1662
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/1662,
      author = {Marta Bellés-Muñoz and Jorge Jiménez Urroz and Javier Silva},
      title = {Revisiting cycles of pairing-friendly elliptic curves},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1662},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1662}},
      url = {https://eprint.iacr.org/2022/1662}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.