Revisiting cycles of pairing-friendly elliptic curves

Marta Bellés-Muñoz; Jorge Jiménez Urroz; Javier Silva

Paper 2022/1662

Revisiting cycles of pairing-friendly elliptic curves

Marta Bellés-Muñoz

, Dusk Network, Pompeu Fabra University

Jorge Jiménez Urroz, Polytechnic University of Catalonia, Technical University of Madrid

Javier Silva, Dusk Network

Abstract

A recent area of interest in cryptography is recursive composition of proof systems. One of the approaches to make recursive composition efficient involves cycles of pairing-friendly elliptic curves of prime order. However, known constructions have very low embedding degrees. This entails large parameter sizes, which makes the overall system inefficient. In this paper, we explore -cycles composed of curves from families parameterized by polynomials, and show that such cycles do not exist unless a strong condition holds. As a consequence, we prove that no -cycles can arise from the known families, except for those cycles already known. Additionally, we show some general properties about cycles, and provide a detailed computation on the density of pairing-friendly cycles among all cycles.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint.
Keywords: elliptic curves pairing-friendly curves zero-knowledge proofs recursive composition
Contact author(s): marta @ dusk network
jorge urroz @ upc edu
javier @ dusk network
History: 2023-05-26: last of 3 revisions; 2022-11-29: received; See all versions
Short URL: https://ia.cr/2022/1662
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1662,
      author = {Marta Bellés-Muñoz and Jorge Jiménez Urroz and Javier Silva},
      title = {Revisiting cycles of pairing-friendly elliptic curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1662},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1662}
}