Restrictions of Integer Parameters for Generating Attractive BLS Subfamilies of Pairing-Friendly Elliptic Curves with Specific Embedding Degrees
Pairings are widely used for innovative protocols such as ID-based encryption and group signature authentication. According to the recent works, the Barreto-Lynn-Scott (BLS) family of pairing-friendly elliptic curves is suggested for the pairings at the various security levels. One of the important...
Saved in:
Published in | International Journal of Networking and Computing Vol. 11; no. 2; pp. 383 - 411 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | English |
Published |
IJNC Editorial Committee
2021
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Pairings are widely used for innovative protocols such as ID-based encryption and group signature authentication. According to the recent works, the Barreto-Lynn-Scott (BLS) family of pairing-friendly elliptic curves is suggested for the pairings at the various security levels. One of the important facts is that the BLS family has fixed polynomial parameters of a field characteristic and group order in terms of an integer x_0. For practical pairing-based protocols, we have to carefully find x_0 which leads to efficient pairings, however, this search of x_0 is typically complicated. Thus, it is desired some convenient ways of finding x_0 which have advantageous for the pairings. For this reason, Costello et al. proposed simple restrictions for finding x_0 that generates the specific BLS subfamilies of curves with embedding degree k = 24 having one of the best field and curve constructions for the pairings. Since there are demands of such restrictions for the other cases of the embedding degrees, the authors extend their work and provide these for the cases of k = 2^m 3 and 3^n with arbitrary integers m, n>0 in this paper. The results will help to find new parameters which lead to one of the best performing pairings with the BLS family of curves with various k. The results also allow us to respond to change in the security levels of the pairings flexibly according to the progress in the security analyses in the future. |
---|---|
ISSN: | 2185-2839 2185-2847 |
DOI: | 10.15803/ijnc.11.2_383 |