Implementing cryptographic pairings at standard security levels

Andreas Enge 1, 2 Jérôme Milan 3
1 LFANT - Lithe and fast algorithmic number theory
IMB - Institut de Mathématiques de Bordeaux, Inria Bordeaux - Sud-Ouest
3 TANC - Algorithmic number theory for cryptology
LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau], Inria Saclay - Ile de France
Abstract : This study reports on an implementation of cryptographic pairings in a general purpose computer algebra system. For security levels equivalent to the different AES flavours, we exhibit suitable curves in parametric families and show that optimal ate and twisted ate pairings exist and can be efficiently evaluated. We provide a correct description of Miller's algorithm for signed binary expansions such as the NAF and extend a recent variant due to Boxall et al. to addition-subtraction chains. We analyse and compare several algorithms proposed in the literature for the final exponentiation. Finally, we give recommendations on which curve and pairing to choose at each security level.
Liste complète des métadonnées

Cited literature [22 references]  Display  Hide  Download
Contributor : Andreas Enge <>
Submitted on : Tuesday, July 22, 2014 - 6:41:56 PM
Last modification on : Wednesday, March 27, 2019 - 4:41:29 PM
Document(s) archivé(s) le : Tuesday, November 25, 2014 - 11:40:44 AM


Files produced by the author(s)




Andreas Enge, Jérôme Milan. Implementing cryptographic pairings at standard security levels. Security, Privacy, and Applied Cryptography Engineering, Oct 2014, Pune, India. pp.28-46, ⟨10.1007/978-3-319-12060-7_3⟩. ⟨hal-01034213⟩



Record views


Files downloads