TY - GEN

T1 - Universal ηT pairing algorithm over arbitrary extension degree

AU - Shirase, Masaaki

AU - Kawahara, Yuto

AU - Takagi, Tsuyoshi

AU - Okamoto, Eiji

PY - 2007

Y1 - 2007

N2 - The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The rfr pairing defined over finite field F3n has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over F3n in [3] is designed just for n Ξ 1 (mod 12), and it is relatively complicated to construct an explicit algorithm for n ≢ 1 (mod 12). It is better that we can select many n's to implement the r¡T pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing (ηT pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security.

AB - The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The rfr pairing defined over finite field F3n has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over F3n in [3] is designed just for n Ξ 1 (mod 12), and it is relatively complicated to construct an explicit algorithm for n ≢ 1 (mod 12). It is better that we can select many n's to implement the r¡T pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing (ηT pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security.

UR - http://www.scopus.com/inward/record.url?scp=38549139643&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38549139643&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-77535-5_1

DO - 10.1007/978-3-540-77535-5_1

M3 - Conference contribution

AN - SCOPUS:38549139643

SN - 354077534X

SN - 9783540775348

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 15

BT - Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers

PB - Springer Verlag

T2 - 8th International Workshop on Information Security Applications, WISA 2007

Y2 - 27 August 2007 through 29 August 2007

ER -