HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Co-factor clearing and subgroup membership testing on pairing-friendly curves

Youssef El Housni 1, 2 Aurore Guillevic 3, 4 Thomas Piellard 1
2 GRACE - Geometry, arithmetic, algorithms, codes and encryption
LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau], Inria Saclay - Ile de France
4 CARAMBA - Cryptology, arithmetic : algebraic methods for better algorithms
Inria Nancy - Grand Est, LORIA - ALGO - Department of Algorithms, Computation, Image and Geometry
Abstract : An important cryptographic operation on elliptic curves is hashing to a point on the curve. When the curve is not of prime order, the point is multiplied by the cofactor so that the result has a prime order. This is important to avoid small subgroup attacks for example. A second important operation, in the composite-order case, is testing whether a point belongs to the subgroup of prime order. A pairing is a bilinear map e : G1×G2 → GT where G1 and G2 are distinct subgroups of prime order r of an elliptic curve, and GT is a multiplicative subgroup of the same prime order r of a finite field extension. Pairing-friendly curves are rarely of prime order. We investigate cofactor clearing and subgroup membership testing on these composite-order curves. First, we generalize a result on faster cofactor clearing for BLS curves to other pairingfriendly families of a polynomial form from the taxonomy of Freeman, Scott and Teske. Second, we investigate subgroup membership testing for G1 and G2. We fix a proof argument for the G2 case that appeared in a preprint by Scott in late 2021 and has recently been implemented in different cryptographic libraries. We then generalize the result to both G1 and G2 and apply it to different pairing-friendly families of curves. This gives a simple and shared framework to prove membership tests for both cryptographic subgroups.
Complete list of metadata

https://hal.inria.fr/hal-03608264
Contributor : Aurore Guillevic Connect in order to contact the contributor
Submitted on : Friday, March 18, 2022 - 11:25:45 AM
Last modification on : Wednesday, April 13, 2022 - 10:18:06 AM

File

2022_ElHousniGuillevicPiellard...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03608264, version 2

Citation

Youssef El Housni, Aurore Guillevic, Thomas Piellard. Co-factor clearing and subgroup membership testing on pairing-friendly curves. 2022. ⟨hal-03608264v2⟩

Share

Metrics

Record views

77

Files downloads

36