Paper 2022/1662

Revisiting cycles of pairing-friendly elliptic curves

Marta Bellés-Muñoz, Dusk Network, Pompeu Fabra University
Jorge Jiménez Urroz, Polytechnic University of Catalonia, Technical University of Madrid
Javier Silva, Dusk Network

A recent area of interest in cryptography is recursive composition of proof systems. One of the approaches to make recursive composition efficient involves cycles of pairing-friendly elliptic curves of prime order. However, known constructions have very low embedding degrees. This entails large parameter sizes, which makes the overall system inefficient. In this paper, we explore $2$-cycles composed of curves from families parameterized by polynomials, and show that such cycles do not exist unless a strong condition holds. As a consequence, we prove that no $2$-cycles can arise from the known families, except for those cycles already known. Additionally, we show some general properties about cycles, and provide a detailed computation on the density of pairing-friendly cycles among all cycles.

Public-key cryptography
elliptic curves, pairing-friendly curves, zero-knowledge proofs, recursive composition
Contact author(s)
marta @ dusk network
jorge urroz @ upc edu
javier @ dusk network
2023-05-26: last of 3 revisions
2022-11-29: received
Creative Commons Attribution


      author = {Marta Bellés-Muñoz and Jorge Jiménez Urroz and Javier Silva},
      title = {Revisiting cycles of pairing-friendly elliptic curves},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1662},
      year = {2022},
      note = {\url{}},
      url = {}