International Association for Cryptologic Research

International Association
for Cryptologic Research


Revisiting cycles of pairing-friendly elliptic curves

Marta Bellés Muñoz , Dusk Network, Pompeu Fabra University
Jorge Jiménez Urroz , Polytechnic University of Catalonia, Technical University of Madrid
Javier Silva , Dusk Network
DOI: 10.1007/978-3-031-38545-2_1 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2023
Abstract: A recent area of interest in cryptography is recursive composition of proof systems. One of the approaches to make recursive composition efficient involves cycles of pairing-friendly elliptic curves of prime order. However, known constructions have very low embedding degrees. This entails large parameter sizes, which makes the overall system inefficient. In this paper, we explore 2-cycles composed of curves from families parameterized by polynomials, and show that such cycles do not exist unless a strong condition holds. As a consequence, we prove that no 2-cycles can arise from the known families, except for those cycles already known. Additionally, we show some general properties about cycles, and provide a detailed computation on the density of pairing-friendly cycles among all cycles.
  title={Revisiting cycles of pairing-friendly elliptic curves},
  author={Marta Bellés Muñoz and Jorge Jiménez Urroz and Javier Silva},