Paper 2024/1697

On pairing-friendly 2-cycles and SNARK-friendly 2-chains of elliptic curves containing a curve from a prime-order family

Tomáš Novotný, RWTH Aachen University
Abstract

Cryptographic protocols such as zkSNARKs use 2-cycles of elliptic curves for efficiency, often relying on pairing computations. However, 2-cycles of pairing-friendly curves are hard to find, and the only known cases consist of an MNT4 and an MNT6 curve. In this work, we prove that a 2-cycle containing an MNT3 curve cannot be pairing-friendly. For other curve families, we have a similar result for cryptographically attractive field sizes. Thus we cannot hope to find new pairing-friendly 2-cycles using the current methods. Furthermore, we show that there are no SNARK-friendly 2-chains of elliptic curves from combinations of MNT, Freeman and BN curves of reasonable size, except for the (MNT4, MNT6) chains.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
zkSNARKsCycles of elliptic curvesChains of elliptic curvesPairing-friendly curves
Contact author(s)
tomas novotny @ rwth-aachen de
History
2024-10-18: approved
2024-10-17: received
See all versions
Short URL
https://ia.cr/2024/1697
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1697,
      author = {Tomáš Novotný},
      title = {On pairing-friendly 2-cycles and {SNARK}-friendly 2-chains of elliptic curves containing a curve from a prime-order family},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1697},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1697}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.