Efficient hash maps to 픾2 on BLS curves
نویسندگان
چکیده
When a pairing e : G1 × G2 → GT , on an elliptic curve E defined over Fq, is exploited for an identity-based protocol, there is often the need to hash binary strings into G1 and G2. Traditionally, if E admits a twist Ẽ of order d, then G1 = E(Fq)∩E[r], where r is a prime integer, and G2 = Ẽ(Fqk/d)∩ Ẽ[r], where k is the embedding degree of E w.r.t. r. The standard approach for hashing into G2 is to map to a general point P ∈ Ẽ(Fqk/d) and then multiply it by the cofactor c = #Ẽ(Fqk/d)/r. Usually, the multiplication by c is computationally expensive. In order to speed up such a computation, two different methods (by Scott et al. and by Fuentes et al.) have been proposed. In this paper we consider these two methods for BLS pairing-friendly curves having k ∈ {12, 24, 30, 42, 48}, providing efficiency comparisons. When k = 42, 48, the Fuentes et al. method requires an expensive one-off pre-computation which was infeasible for the computational power at our disposal. In these cases, we theoretically obtain hashing maps that follow Fuentes et al. idea.
منابع مشابه
An Efficient Signature Scheme from Bilinear Pairings and Its Applications
In Asiacrypt2001, Boneh, Lynn, and Shacham [8] proposed a short signature scheme (BLS scheme) using bilinear pairing on certain elliptic and hyperelliptic curves. Subsequently numerous cryptographic schemes based on BLS signature scheme were proposed. BLS short signature needs a special hash function [6, 1, 8]. This hash function is probabilistic and generally inefficient. In this paper, we pro...
متن کاملFast hashing onto pairing-friendly elliptic curves over ternary fields
We propose a fast cryptographic hash algorithm that maps arbitrary messages onto points of pairing-friendly elliptic curves defined over F3m , a core operation in many pairing-based cryptosystems. Our scheme runs in time O(m2), while the best previous algorithm for this task runs in time O(m3). Experimental data confirms the speedup by a factor O(m), or approximately a hundred times for practic...
متن کاملAttractive Subfamilies of BLS Curves for Implementing High-Security Pairings
Barreto-Lynn-Scott (BLS) curves are a stand-out candidate for implementing high-security pairings. This paper shows that particular choices of the pairing-friendly search parameter give rise to four subfamilies of BLS curves, all of which offer highly efficient and implementationfriendly pairing instantiations. Curves from these particular subfamilies are defined over prime fields that support ...
متن کاملProgrammable Hash Functions in the Multilinear Setting
We adapt the concept of a programmable hash function (PHF, Crypto 2008) to a setting in which a multilinear map is available. This enables new PHFs with previously unachieved parameters. To demonstrate their usefulness, we show how our (standard-model) PHFs can replace random oracles in several well-known cryptographic constructions. Namely, we obtain standard-model versions of the BonehFrankli...
متن کاملEfficient Optimal Ate Pairing at 128-bit Security Level
Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairin...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017