TY - GEN
T1 - Universal ηT pairing algorithm over arbitrary extension degree
AU - Shirase, Masaaki
AU - Kawahara, Yuto
AU - Takagi, Tsuyoshi
AU - Okamoto, Eiji
PY - 2007
Y1 - 2007
N2 - The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The rfr pairing defined over finite field F3n has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over F3n in [3] is designed just for n Ξ 1 (mod 12), and it is relatively complicated to construct an explicit algorithm for n ≢ 1 (mod 12). It is better that we can select many n's to implement the r¡T pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing (ηT pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security.
AB - The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The rfr pairing defined over finite field F3n has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over F3n in [3] is designed just for n Ξ 1 (mod 12), and it is relatively complicated to construct an explicit algorithm for n ≢ 1 (mod 12). It is better that we can select many n's to implement the r¡T pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing (ηT pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security.
UR - http://www.scopus.com/inward/record.url?scp=38549139643&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=38549139643&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-77535-5_1
DO - 10.1007/978-3-540-77535-5_1
M3 - Conference contribution
AN - SCOPUS:38549139643
SN - 354077534X
SN - 9783540775348
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 15
BT - Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers
PB - Springer Verlag
T2 - 8th International Workshop on Information Security Applications, WISA 2007
Y2 - 27 August 2007 through 29 August 2007
ER -