Efficient Optimal Ate Pairing at 128-bit Security Level

Abstract: Following the emergence of Kim and Barbulescu's new number field sieve (exTNFS) algorithm at CRYPTO'16 [21] for solving the discrete logarithm problem (DLP) over the finite field, pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves, i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves, at the 128-bit security level (twist and subgroup attack secure). They have also concluded that, in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical pairing-friendly curve that is less studied in the literature, i.e., KSS-16, which offers a quartic twist, while BN and BLS-12 curves have a sextic twist. In this paper, the authors optimize Miller's algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implementing it. Furthermore, this paper concentrates on Miller's algorithm to experimentally verify Barbulescu et al.'s estimation. The result shows that the execution time of Miller's algorithm with the derived pseudo 8-sparse multiplication is more efficient for KSS-16 than for the other two curves. Therefore, this paper defends Barbulescu and Duquesne's conclusion for 128-bit security.

Contributor : Sylvain Duquesne
Submitted on : Saturday, October 21, 2017 - 4:33:22 PM
Last modification on : Tuesday, April 2, 2019 - 1:35:25 AM
Long-term archiving on : Monday, January 22, 2018 - 2:33:04 PM

  • HAL Id : hal-01620848, version 1


Md Al-Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, et al. Efficient Optimal Ate Pairing at 128-bit Security Level. IndoCrypt 2017 - 18th International Conference on Cryptology, Dec 2017, Chennai, India. pp. 186-205. ⟨hal-01620848⟩