## Efficient algorithms for pairing-based cryptosystems (2002)

### Cached

### Download Links

- [www.mathmagic.cn]
- [eprint.iacr.org]
- [rooster.stanford.edu]
- DBLP

### Other Repositories/Bibliography

Citations: | 291 - 23 self |

### BibTeX

@INPROCEEDINGS{Barreto02efficientalgorithms,

author = {Paulo S. L. M. Barreto and Hae Y. Kim and Ben Lynn and Michael Scott},

title = {Efficient algorithms for pairing-based cryptosystems},

booktitle = {},

year = {2002},

pages = {354--368},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography. 1

### Citations

2466 | S.: Handbook of Applied Cryptography - Menezes, Oorschot, et al. - 1996 |

1123 | Identity-based encryption from the Weil pairing
- Boneh, Franklin
(Show Context)
Citation Context ...em is easy while the Computational Diffie-Hellman (CDH) problem is hard, and the subsequent definition of a new class of problems variously called the Gap Diffie-Hellman [11], Bilinear Diffie-Hellman =-=[2]-=-, or Tate-Diffie-Hellman [6] class, has given rise to the development of a new, ever expanding family of cryptosystems based on pairings, such as: – Short signatures [3]. – Identity-based encryption a... |

913 |
A Course in Computational Algebraic Number Theory
- Cohen
- 1993
(Show Context)
Citation Context ... use a single bit from the ordinate y as a selector 2 between the two solutions of the equation y 2 = f(x) for a given x. In a finite field Fpm where p ≡ 3 (mod 4) and odd m, the best algorithm known =-=[4,17]-=- to compute a square root executes O(m3 ), or more precisely O(m3 log p), Fp operations. By that method, a solution of x2 = a is given by x = a (pm +1)/4 , assuming a is a quadratic residue. We first ... |

818 | The arithmetic of elliptic curves - Silverman - 1986 |

559 | Short signatures from the weil pairing
- Lynn, Shacham
- 2001
(Show Context)
Citation Context ... [11], Bilinear Diffie-Hellman [2], or Tate-Diffie-Hellman [6] class, has given rise to the development of a new, ever expanding family of cryptosystems based on pairings, such as: – Short signatures =-=[3]-=-. – Identity-based encryption and escrow ElGamal encryption [2]. – Identity-based authenticated key agreement [29]. – Identity-based signature schemes [8,22,24]. – Tripartite Diffie-Hellman [10]. – Se... |

285 | Reducing elliptic curve logarithms to logarithms in a finite field - Menezes, Okamoto, et al. - 1993 |

284 | Elliptic curve public key cryptosystems - Menezes - 1993 |

174 | Cryptosystems based on pairing - Sakai, Ohgishi, et al. - 2000 |

159 | elliptic curves in cryptography - blake, seroussi, et al. - 1999 |

100 | New explicit conditions of elliptic curve traces for fr-reduction,” IEICE transactions on fundamentals of electronics, communications and computer sciences - Miyaji, Takano - 2001 |

94 | ID-based signatures from pairings on elliptic curves - Paterson - 2002 |

92 | S.: A fast algorithm for computing multiplicative inverses in GF (2 m ) using normal bases - Itoh, Tsujii - 1988 |

87 | Supersingular Curves in Cryptography - Galbraith - 2001 |

60 | An identity based authenticated key agreement protocol based on the Weil pairing - Smart - 2002 |

54 | The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems
- Frey, Müller, et al.
- 1999
(Show Context)
Citation Context ...s) proceeds as follows. Double-and-add scalar multiplication: set V ← P for i ← t − 1,t− 2,...,1, 0do{ set V ← 2V if ki = 1 then set V ← V + P } return V 1 This definition differs from those given in =-=[5,6]-=- in that we restrict the first argument of eℓ to E(Fq)[ℓ] and the second argument to E(Fqk)[ℓ] instead of E(Fqk)[ℓ] and E(Fqk)/ℓE(Fqk) respectively, and we raise fP (AQ) tothepower(q k − 1)/ℓ, so that... |

46 | Generalized Mersenne numbers - Solinas - 1999 |

34 | An elliptic curve implementation of the finite field digital signature algorithm - Koblitz - 1998 |

22 | Seperating decision Di#e-Hellman from Di#e-Hellman in cryptographic groups", J. Cryptology Online First, available from http://eprint.iacr.org/2001/003 - Joux, Nguyen |

19 | The implementation of elliptic curve cryptosystems - Menezes, Vanstone - 1990 |

11 | Exponent group signature schemes and e#cient identity based signature schemes based on pairings, Available from http://eprint.iacr.org - Hess - 2002 |

6 | Short Programs for Functions on Curves," unpublished manuscript - Miller - 1986 |

6 | Self-Blindable Credential Certi from the Weil Pairing - Verheul - 2001 |

4 |
Supersingular curves
- Galbraith
- 2002
(Show Context)
Citation Context ...tional Diffie-Hellman (CDH) problem is hard, and the subsequent definition of a new class of problems variously called the Gap Diffie-Hellman [11], Bilinear Diffie-Hellman [2], or Tate-Diffie-Hellman =-=[6]-=- class, has given rise to the development of a new, ever expanding family of cryptosystems based on pairings, such as: – Short signatures [3]. – Identity-based encryption and escrow ElGamal encryption... |

4 | The Best and Worst of Supersingular Abelian Varieties in Cryptology, eprint 2002/006 - Rubin, Silverberg - 2002 |

3 | Finite Fields", Encyclopedia of Mathematics and its applications, Volume 20 - Lidl, Niederreiter |

2 | Std 2000-1363, \Standard Speci for Public Key Cryptography - IEEE - 2000 |

1 | Elliptic Curves un Cryptography - Blake, Seroussi, et al. - 1999 |

1 | IBE library," available at http://crypto.stanford.edu/ibe - Lynn, \Stanford |