• ETRI Journal
• /
• v.35 no.5
• /
• pp.880-888
• /
• 2013

The preexisting pairings ate, $ate_i$, R-ate, and optimal-ate use q-expansion, where q is the size of the defining field for the elliptic curves. Elliptic curves with small embedding degrees only allow a few of these pairings. In such cases, efficiently computable endomorphisms can be used, as in [11] and [12]. They used the endomorphisms that have characteristic polynomials with very small coefficients, which led to some restrictions in finding various pairing-friendly curves. To construct more pairing-friendly curves, we consider ${\mu}$-expansion using the Gallant-Lambert-Vanstone (GLV) decomposition method, where ${\mu}$ is an arbitrary integer. We illustrate some pairing-friendly curves that provide more efficient pairing from the ${\mu}$-expansion than from the ate pairing. The proposed method can achieve timing results at least 20% faster than the ate pairing.

• ETRI Journal
• /
• v.33 no.4
• /
• pp.656-659
• /
• 2011

In ICISC 2007, Comuta and others showed that among the methods for constructing pairing-friendly curves, those using cyclotomic polynomials, that is, the Brezing-Weng method and the Freeman-Scott-Teske method, are affected by Cheon's algorithm. This paper proposes a method for searching parameters of pairing-friendly elliptic curves that induces minimal security loss by Cheon's algorithm. We also provide a sample set of parameters of BN-curves, FST-curves, and KSS-curves for pairing-based cryptography.

• Bulletin of the Korean Mathematical Society
• /
• v.49 no.1
• /
• pp.75-88
• /
• 2012

A new algorithm is proposed for the construction of Brezing-Weng-like elliptic curves such that polynomials defining the CM discriminant are linear. Using this construction, new families of curves with variable discriminants and embedding degrees of $k{\in}\{8,16,20,24\}$, which were not covered by Freeman, Scott, and Teske [9], are presented. Our result is useful for constructing elliptic curves with larger and more flexible discriminants.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.567-571
• /
• 2015

Brezing and Weng proposed a method to generate CM parameters of pairing-friendly elliptic curves using polynomial representations of a number field, and Freeman generalized the method for the case of abelian varieties. In this paper we derive explicit formulae to find a family of polynomials used in Brezing-Weng method especially in the case of abelian surfaces, and present some examples generated by the proposed method.

• Journal of information and communication convergence engineering
• /
• v.15 no.2
• /
• pp.97-103
• /
• 2017

Implementation of faster pairing calculation is the basis of efficient pairing-based cryptographic protocol implementation. Generally, pairing is a costly operation carried out over the extension field of degree $k{\geq}12$. But the twist property of the pairing friendly curve allows us to calculate pairing over the sub-field twisted curve, where the extension degree becomes k/d and twist degree d = 2, 3, 4, 6. The calculation cost is reduced substantially by twisting but it makes the discrete logarithm problem easier if the curve parameters are not carefully chosen. Therefore, this paper considers the most recent parameters setting presented by Barbulescu and Duquesne [1] for pairing-based cryptography; that are secure enough for 128-bit security level; to explicitly show the quartic twist (d = 4) and sextic twist (d = 6) mapping between the isomorphic rational point groups for KSS (Kachisa-Schaefer-Scott) curve of embedding degree k = 16 and k = 18, receptively. This paper also evaluates the performance enhancement of the obtained twisted mapping by comparing the elliptic curve scalar multiplications.