pairingtypes.xml

这是一个C的源代码

<chapter>
<section><title>Type B</title>
<para>
This type is reserved for the curve y^2 = x^3 + 1 over F_q with
q = -1 mod 12. It has yet to be implemented as I have not seen a compelling
reason to use it.
</para>
<para>
There are advantages unique to this curve however. Since cube roots in F_q
are fast and guaranteed to exist, for any given value of y, it is easy to
solve for x. Also, the coefficient of x is zero in the curve equation,
simplifying some equations (e.g. point doubling).
</para>
<para>
There is also at least one drawback when compared with the similar type A
pairing. If symmetry of the pairing is insisted upon, some optimizations are
not possible. If ever implemented, perhaps I will divide this case into two
subtypes, one symmetric, and the other asymmetric but slightly faster.
</para>
</section>
<section><title>Type C</title>
<para>
This type is reserved for supersingular curves with embedding degree 6.
Pairings are fast as optimizations specific to fields of characteristic 3
may be used. The embedding degree of 6 also means the representations of
elements of G1 are short.
</para>
<para>
On the other hand, the low characteristic also makes these curves more
susceptible to Coppersmith's attack, so slightly larger fields are needed
for security. Because of this, I have no plans to implement them in the
immediate future.
</para>
</section>
<section><title>Type G</title>
<para>
k = 10 curves may also be constructed.
</para>
</section>
</chapter>
<para>
Now pairing->G1, pairing->G2,
pairing->GT and bilinear_map() can be used as follows.
Declare and initialize some group elements:
</para>
<programlisting>element_t x, y, z;
element_init(x, pairing->G1);
element_init(y, pairing->G2);
element_init(z, pairing->GT);
</programlisting><para>
To pick random elements of G1, G2 and compute a pairing:
</para>
<programlisting>element_random(x);
element_random(y);
bilinear_map(z, x, y, pairing);
</programlisting>
<para>
Now z = e(x, y).
</para>
<para>
To raise x by some random exponent r:
</para>
<programlisting>element_t r;
element_init(r, pairing->Zr);
element_random(r);
element_pow_fp(x, x, r);
</programlisting>