Open Access Journal Article
Pairing-friendly elliptic curves of prime order
TLDR
In particular, for embedding degree k = 2q where q is prime, the authors showed that the ability to handle log(D)/log(r) ∼ (q - 3)/(q - 1) enables building elliptic curves with ρ ∼ q/(q - 1).
Abstract:
Previously known techniques to construct pairing-friendly curves of prime or near-prime order are restricted to embedding degree k ≤ 6. More general methods produce curves over F_p where the bit length of p is often twice as large as that of the order r of the subgroup with embedding degree k; the best published results achieve ρ = log(p)/log(r) ∼ 5/4. In this paper we make the first step towards surpassing these limitations by describing a method to construct elliptic curves of prime order and embedding degree k = 12. The new curves lead to very efficient implementation: non-pairing operations need no more than F_{p^4} arithmetic, and pairing values can be compressed to one third of their length in a way compatible with point reduction techniques. We also discuss the role of large CM discriminants D to minimize ρ; in particular, for embedding degree k = 2q where q is prime we show that the ability to handle log(D)/log(r) ∼ (q - 3)/(q - 1) enables building curves with ρ ∼ q/(q - 1).
Citations
Book Chapter
Compact Proofs of Retrievability
Hovav Shacham, Brent Waters +1 more
TL;DR: The first proof-of-retrievability schemes with full proofs of security against arbitrary adversaries in the strongest model, that of Juels and Kaliski, are given.
Proceedings Article
Pinocchio: Nearly Practical Verifiable Computation
TL;DR: This work introduces Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions, and is the first general-purpose system to demonstrate verification cheaper than native execution (for some apps).
Journal Article
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Dan Boneh, Xavier Boyen +1 more
TL;DR: In this article, the authors describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model, and give a tight reduction proving that their scheme is secure in any group in which the Strong Diffie-Hellman (SDH) assumption holds, without relying on the random oracle model.
Journal Article
A Taxonomy of Pairing-Friendly Elliptic Curves
TL;DR: This paper gives a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature and provides recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.
Book Chapter
Quadratic Span Programs and Succinct NIZKs without PCPs
TL;DR: A new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), is introduced, which is a natural extension of span programs defined by Karchmer and Wigderson.