This paper proposes new explicit formulas for the doubling and addition steps in Miller’s algorithm to compute the Tate pairing on elliptic curves in Weierstrass and in Edwards form. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in addition and doubling. The Tate pairing on Edwards curves can be computed by using these functions in Miller’s algorithm. Computing the sum of two points or the double of a point and the coefficients of the corresponding functions is faster with our formulas than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also improve the formulas for Tate pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves.

Proposition 1 Let E: y 2 = F(x) = x 3 + ax + b be an elliptic curve defined over Fp having three rational 2-torsion points. If p ≡ 3 mod 4, there are no rational 4-torsion points on E. Remember Swan’s theorem [3]. Let () a p denote the Legendre’s symbol. Theorem 2 Let f(X) be a squarefree polynomial of degree d and n its number of irreducible factors modulo p. Then