Article

Co-factor Clearing and Subgroup Membership Testing on Pairing-Friendly Curves

Authors:

Progress in Cryptology - AFRICACRYPT 2022: 13th International Conference on Cryptology in Africa, AFRICACRYPT 2022, Fes, Morocco, July 18–20, 2022, Proceedings

Pages 518 - 536

https://doi.org/10.1007/978-3-031-17433-9_22

Published: 18 July 2022 Publication History

Abstract

An important cryptographic operation on elliptic curves is hashing to a point on the curve. When the curve is not of prime order, the point is multiplied by the cofactor so that the result has a prime order. This is important to avoid small subgroup attacks for example. A second important operation, in the composite-order case, is testing whether a point belongs to the subgroup of prime order. A pairing is a bilinear map

e : G_{1} \times G_{2} \to G_{T}

where

G_{1}

and

G_{2}

are distinct subgroups of prime order r of an elliptic curve, and

G_{T}

is a multiplicative subgroup of the same prime order r of a finite field extension. Pairing-friendly curves are rarely of prime order. We investigate cofactor clearing and subgroup membership testing on these composite-order curves. First, we generalize a result on faster cofactor clearing for BLS curves to other pairing-friendly families of a polynomial form from the taxonomy of Freeman, Scott and Teske. Second, we investigate subgroup membership testing for

G_{1}

and

G_{2}

. We fix a proof argument for the

G_{2}

case that appeared in a preprint by Scott in late 2021 and has recently been implemented in different cryptographic libraries. We then generalize the result to both

G_{1}

and

G_{2}

and apply it to different pairing-friendly families of curves. This gives a simple and shared framework to prove membership tests for both cryptographic subgroups.

References

[1]

Aranha DF, Pagnin E, and Rodríguez-Henríquez F Longa P and Ràfols C LOVE a pairing Progress in Cryptology – LATINCRYPT 2021 2021 Cham Springer 320-340

Crossref

Google Scholar

[2]

Barreto PSLM, Lynn B, and Scott M Cimato S, Persiano G, and Galdi C Constructing elliptic curves with prescribed embedding degrees Security in Communication Networks 2003 Heidelberg Springer 257-267

Crossref

Google Scholar

[3]

Barreto PSLM and Naehrig M Preneel B and Tavares S Pairing-friendly elliptic curves of prime order Selected Areas in Cryptography 2006 Heidelberg Springer 319-331

Crossref

Google Scholar

[4]

Botrel, G., Piellard, T., Housni, Y.E., Tabaie, A., Kubjas, I.: Consensys/gnark-crypto (2022).

Crossref

Google Scholar

[5]

Bowe, S.: Faster subgroup checks for BLS12-381. Cryptology ePrint Archive, Report 2019/814 (2019). https://eprint.iacr.org/2019/814

Google Scholar

[6]

Budroni, A., Pintore, F.: Efficient hash maps to

G_{2}

on bls curves. Appl. Algebra Eng. Commun. Comput. 33, 261–281 (2022)., ePrint https://eprint.iacr.org/2017/419

Crossref

Google Scholar

[7]

Clarisse R, Duquesne S, and Sanders O Krenn S, Shulman H, and Vaudenay S Curves with fast computations in the first pairing group Cryptology and Network Security 2020 Cham Springer 280-298

Crossref

Google Scholar

[8]

El Housni, Y., Guillevic, A.: Families of SNARK-friendly 2-chains of elliptic curves. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 367–396. Springer, Cham (2022).

Crossref

Google Scholar

[9]

Freeman D, Scott M, and Teske E A taxonomy of pairing-friendly elliptic curves J. Cryptol. 2010 23 2 224-280

Crossref

Google Scholar

[10]

Galbraith SD and Scott M Galbraith SD and Paterson KG Exponentiation in pairing-friendly groups using homomorphisms Pairing-Based Cryptography – Pairing 2008 2008 Heidelberg Springer 211-224

Crossref

Google Scholar

[11]

Schoof R Nonsingular plane cubic curves over finite fields J. Comb. Theor Series A 1987 46 2 183-211

Crossref

Google Scholar

[12]

Scott, M.: A note on group membership tests for

G_{1}

G_{2}

and

G_{T}

on BLS pairing-friendly curves. ePrint https://eprint.iacr.org/2021/1130d2021/1130

Google Scholar

[13]

Scott, M.: A note on twists for pairing friendly curves (2009). http://indigo.ie/ mscott/twists.pdf

Google Scholar

[14]

Wahby, R.S., Boneh, D.: Fast and simple constant-time hashing to the BLS12-381 elliptic curve. IACR TCHES, 2019(4), 154–179 (2019).

Crossref

Google Scholar

Cited By

View all

Dai YHe DPeng CYang ZZhao C(2024)Revisiting Pairing-Friendly Curves with Embedding Degrees 10 and 14Advances in Cryptology – ASIACRYPT 202410.1007/978-981-96-0888-1_15(454-485)Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1007/978-981-96-0888-1_15
Dai YLin KZhao CZhou Z(2023)Fast subgroup membership testings for , and on pairing-friendly curvesDesigns, Codes and Cryptography10.1007/s10623-023-01223-791:10(3141-3166)Online publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1007/s10623-023-01223-7

Index Terms

Co-factor Clearing and Subgroup Membership Testing on Pairing-Friendly Curves

Index terms have been assigned to the content through auto-classification.

Recommendations

Constructing pairing-friendly genus 2 curves with ordinary Jacobians
Pairing'07: Proceedings of the First international conference on Pairing-Based Cryptography

We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm is modeled on the Cocks-Pinch method for constructing pairing-...
Hashing to G2 on BLS pairing-friendly curves

When a pairing e : G₁ x G₂ → G_T, on an elliptic curve E defined over F_q, is exploited in a cryptographic protocol, there is often the need to hash binary strings into G₁ and G₂. Traditionally, if E admits a twist Ẽ of order d, then G₁ = E(F_q)⋂E[r], ...
Generating more Kawazoe-Takahashi genus 2 pairing-friendly hyperelliptic curves
Pairing'10: Proceedings of the 4th international conference on Pairing-based cryptography

Constructing pairing-friendly hyperelliptic curves with small ρ-values is one of challenges for practicability of pairing-friendly hyperelliptic curves. In this paper, we describe a method that extends the Kawazoe-Takahashi method of generating families ...

Comments

Information & Contributors

Information

Published In

Progress in Cryptology - AFRICACRYPT 2022: 13th International Conference on Cryptology in Africa, AFRICACRYPT 2022, Fes, Morocco, July 18–20, 2022, Proceedings

Jul 2022

598 pages

ISBN:978-3-031-17432-2

DOI:10.1007/978-3-031-17433-9

Editors:
Lejla Batina
Radboud University, Nijmegen, The Netherlands
,
Joan Daemen
Radboud University, Nijmegen, Gelderland, The Netherlands

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 18 July 2022

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Dai YHe DPeng CYang ZZhao C(2024)Revisiting Pairing-Friendly Curves with Embedding Degrees 10 and 14Advances in Cryptology – ASIACRYPT 202410.1007/978-981-96-0888-1_15(454-485)Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1007/978-981-96-0888-1_15
Dai YLin KZhao CZhou Z(2023)Fast subgroup membership testings for , and on pairing-friendly curvesDesigns, Codes and Cryptography10.1007/s10623-023-01223-791:10(3141-3166)Online publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1007/s10623-023-01223-7

Abstract

References

Cited By

Index Terms

Recommendations

Constructing pairing-friendly genus 2 curves with ordinary Jacobians

Hashing to G2 on BLS pairing-friendly curves

Generating more Kawazoe-Takahashi genus 2 pairing-friendly hyperelliptic curves

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations