Paper 2024/1697

On pairing-friendly 2-cycles and SNARK-friendly 2-chains of elliptic curves containing a curve from a prime-order family

Tomáš Novotný, RWTH Aachen University
Vladimír Sedláček, Masaryk University
Abstract

Cryptographic protocols such as zk-SNARKs use 2-cycles of~elliptic curves for efficiency, often relying on pairing computations. However, 2-cycles of~pairing-friendly curves are hard to find, and the only known cases consist of~an MNT4 and an MNT6 curve. In this work, we prove that a~2-cycle containing an MNT3, Freeman, or BN curve cannot be pairing-friendly. Thus we cannot hope to find new pairing-friendly 2-cycles using the current methods. Furthermore, we show that there are no SNARK-friendly 2-chains of elliptic curves from combinations of MNT, Freeman and BN curves of reasonable size, except for (MNT4, MNT6).

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
Cycles of elliptic curveschains of elliptic curvespairing-friendly curves
Contact author(s)
tomas novotny @ rwth-aachen de
vlada sedlacek @ mail muni cz
History
2025-04-22: revised
2024-10-17: received
See all versions
Short URL
https://ia.cr/2024/1697
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1697,
      author = {Tomáš Novotný and Vladimír Sedláček},
      title = {On pairing-friendly 2-cycles and {SNARK}-friendly 2-chains of elliptic curves containing a curve from a prime-order family},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1697},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1697}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.