Special Polynomial Families for Generating More Suitable Elliptic Curves for Pairing-Based Cryptosystems

Constructing non-supersingular elliptic curves for pairing-based cryptosystems have attracted much attention in recent years. The best previous technique builds curves with ρ = lg(q)/lg(r) ≈ 1 (k = 12) and ρ = lg(q)/lg(r) ≈ 1.25 (k = 24). When k > 12, most of the previous works address the question by representing r(x) as a cyclotomic polynomial. In this paper, we propose a new method to find more pairing-friendly elliptic curves with arbitrary embedding degree k by certain special polynomial families. The new method generates curves with lg(q)/lg(r) ≈ 1 (k ≥ 48) by random forms of r(x). Different representations of r(x) allow us to obtain many new families of pairing-friendly elliptic curves. In addition, we propose a equation to illustrate how to obtain small values of ρ by choosing appropriate forms of discriminant D and trace t. Numerous parameters of certain pairing-friendly elliptic curves are presented with support for the theoretical conclusions.