### Revisiting cycles of pairing-friendly elliptic curves

##### Abstract

A recent area of interest in cryptography is recursive composition of proof systems. One of the approaches to make recursive composition efficient involves cycles of pairing-friendly elliptic curves of prime order. However, known constructions have very low embedding degrees. This entails large parameter sizes, which makes the overall system inefficient. In this paper, we explore $2$-cycles composed of curves from families parameterized by polynomials, and show that such cycles do not exist unless a strong condition holds. As a consequence, we prove that no $2$-cycles can arise from the known families, except for those cycles already known. Additionally, we show some general properties about cycles, and provide a detailed computation on the density of pairing-friendly cycles among all cycles.

Available format(s)
Category
Public-key cryptography
Publication info
Preprint.
Keywords
elliptic curves pairing-friendly curves zero-knowledge proofs recursive composition
Contact author(s)
marta @ dusk network
jorge urroz @ upc edu
javier @ dusk network
History
2022-11-30: approved
See all versions
Short URL
https://ia.cr/2022/1662

CC BY

BibTeX

@misc{cryptoeprint:2022/1662,
author = {Marta Bellés-Muñoz and Jorge Jiménez Urroz and Javier Silva},
title = {Revisiting cycles of pairing-friendly elliptic curves},
howpublished = {Cryptology ePrint Archive, Paper 2022/1662},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1662}},
url = {https://eprint.iacr.org/2022/1662}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.