efficient pairing computation on ordinary elliptic curves of embedding degree 1 and 2
文献类型:会议论文
| 作者 | Zhang Xusheng ; Lin Dongdai |
| 出版日期 | 2011 |
| 会议名称 | Cryptography and Coding 13th IMA International Conference, IMACC 2011 |
| 会议日期 | 2011 |
| 会议地点 | Oxford UK |
| 关键词 | Miller’ s algorithm – composite order pairing – Omega pairing lattices – RSA ring |
| 页码 | 309-326 |
| 中文摘要 | In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller’s loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order. |
| 英文摘要 | In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller’s loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order. |
| 收录类别 | SPRINGER ; EI |
| 会议主办者 | The Institute of Mathematics and its Applications; Cryptomathic Ltd.; Hewlett-Packard Laboratories; Vodafone Ltd. |
| 会议录 | Cryptography and Coding
 |
| 语种 | 英语 |
| ISSN号 | 0302-9743 |
| ISBN号 | 978-3-642-25515-1 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16235]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Zhang Xusheng,Lin Dongdai. efficient pairing computation on ordinary elliptic curves of embedding degree 1 and 2[C]. 见:Cryptography and Coding 13th IMA International Conference, IMACC 2011. Oxford UK. 2011. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。