TY - GEN
T1 - Application of scalar multiplication of edwards curves to pairing-based cryptography
AU - Yasuda, Takanori
AU - Takagi, Tsuyoshi
AU - Sakurai, Kouichi
PY - 2012
Y1 - 2012
N2 - Edwards curves have efficient scalar multiplication algorithms, and their application to pairing-based cryptography has been studied. In particular, if a pairing-friendly curve used in a pairing-based protocol is isomorphic to an Edwards curve, all the scalar multiplication appearing in the protocol can be computed efficiently. In this paper, we extend this idea to pairing-friendly curves not isomorphic but isogenous to Edwards curves, and add to pairing-friendly curves to which Edwards curves can be applied. Above all, pairing-friendly curves with smaller ρ-values provide more efficient pairing computation. Therefore, we investigate whether pairing-friendly curves with the minimal ρ-values are isogenous to Edwards curves for embedding degree up to 50. Based on the investigation, we present parameters of pairing-friendly curves with 160-bit and 256-bit security level at embedding degree 16 and 24, respectively. These curves have the minimal ρ-values and are not isomorphic but isogenous to Edwards curves, and thus our proposed method is effective for these curves.
AB - Edwards curves have efficient scalar multiplication algorithms, and their application to pairing-based cryptography has been studied. In particular, if a pairing-friendly curve used in a pairing-based protocol is isomorphic to an Edwards curve, all the scalar multiplication appearing in the protocol can be computed efficiently. In this paper, we extend this idea to pairing-friendly curves not isomorphic but isogenous to Edwards curves, and add to pairing-friendly curves to which Edwards curves can be applied. Above all, pairing-friendly curves with smaller ρ-values provide more efficient pairing computation. Therefore, we investigate whether pairing-friendly curves with the minimal ρ-values are isogenous to Edwards curves for embedding degree up to 50. Based on the investigation, we present parameters of pairing-friendly curves with 160-bit and 256-bit security level at embedding degree 16 and 24, respectively. These curves have the minimal ρ-values and are not isomorphic but isogenous to Edwards curves, and thus our proposed method is effective for these curves.
UR - http://www.scopus.com/inward/record.url?scp=84868378996&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84868378996&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-34117-5-2
DO - 10.1007/978-3-642-34117-5-2
M3 - Conference contribution
AN - SCOPUS:84868378996
SN - 9783642341168
VL - 7631 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 19
EP - 36
BT - Advances in Information and Computer Security - 7th International Workshop on Security, IWSEC 2012, Proceedings
T2 - 7th International Workshop on Security, IWSEC 2012
Y2 - 7 November 2012 through 9 November 2012
ER -