Efficient Optimal Ate Pairing at 128-bit Security Level

Abstract : Following the emergence of Kim and Barbulescu's new number field sieve (exTNFS) algorithm at CRYPTO'16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and subgroup attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters , BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller's algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore , this paper concentrates on the Miller's algorithm to experimentally verify Barbulescu et al.'s estimation. The result shows that Miller's algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne's conclusion for 128-bit security.
Type de document :
Communication dans un congrès
IndoCrypt 2017 - 18th International Conference on Cryptology, Dec 2017, Chennai, India. LNCS, 10698, pp.186-205
Liste complète des métadonnées

Littérature citée [31 références]  Voir  Masquer  Télécharger

Contributeur : Sylvain Duquesne <>
Soumis le : samedi 21 octobre 2017 - 16:33:22
Dernière modification le : vendredi 26 octobre 2018 - 10:35:12
Document(s) archivé(s) le : lundi 22 janvier 2018 - 14:33:04


Fichiers produits par l'(les) auteur(s)


  • HAL Id : hal-01620848, version 1


Md Al-Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, et al.. Efficient Optimal Ate Pairing at 128-bit Security Level. IndoCrypt 2017 - 18th International Conference on Cryptology, Dec 2017, Chennai, India. LNCS, 10698, pp.186-205. 〈hal-01620848〉



Consultations de la notice


Téléchargements de fichiers