International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Polynomials for Ate Pairing and $\mathbf{Ate}_{i}$ Pairing

Authors:
Zhitu Su
Hui Li
JianFeng Ma
Download:
URL: http://eprint.iacr.org/2008/202
Search ePrint
Search Google
Abstract: The irreducible factor $r(x)$ of $\mathrm{\Phi}_{k}(u(x))$ and $u(x) $ are often used in constructing pairing-friendly curves. $u(x)$ and $u_{c} \equiv u(x)^{c} \pmod{r(x)}$ are selected to be the Miller loop control polynomial in Ate pairing and $\mathrm{Ate}_{i}$ pairing. In this paper we show that when $4|k$ or the minimal prime which divides $k$ is larger than $2$, some $u(x)$ and $r(x)$ can not be used as curve generation parameters if we want $\mathrm{Ate}_{i}$ pairing to be efficient. We also show that the Miller loop length can not reach the bound $\frac{\mathrm{log_{2}r}}{\varphi(k)}$ when we use the factorization of $\mathrm{\Phi}_{k}(u(x))$ to generate elliptic curves.
BibTeX
@misc{eprint-2008-17879,
  title={Polynomials for  Ate Pairing and $\mathbf{Ate}_{i}$ Pairing},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography /},
  url={http://eprint.iacr.org/2008/202},
  note={ ztsu@mail.xidian.edu.cn 14007 received 8 May 2008},
  author={Zhitu Su and Hui Li and JianFeng Ma},
  year=2008
}