pairings.txt

miracl大数库 miracl大数库 miracl大数库

MIRACL contains several optimized implementations of pairings over various 
fields.

A suite of IBE programs are described in the file IBE.TXT

The fastest pairing code over F_p can be found in the files ake2cpt.cpp and
ake2sst.cpp, which implements a simple key exchange protocol, using non-
supersingular and supersingular curves respectively. 
This uses an embedding degree of k=2, so the pairing e(P,Q) evaluates 
naturally as an element in F_p^2. P is a point on the elliptic curve E(Fp) and 
Q is a point on E'(F_p^{k/2}), or in this case E'(F_p) where E' is the twisted 
curve. Using compression the pairing evaluates as an element in F_p^{k/2}, or 
just Fp in this case.

For higher levels of security it is recommended to increase the embedding 
degree and use non-supersingular curves - see ake4cpt.cpp and ake8cpt.cpp for 
examples. We use a "tower of extensions" to build an Fp^4 class on top of an 
Fp^2 class - see zzn2.h and zzn4.h

The pairing-relevant files..

DL.CPP -  This implements the eta pairing on supersingular curves over 
F_{2^m}

DL2.CPP - This implements the eta_T pairing over F_{2^m}. This is possibly 
the fastest known pairing. See Barreto, Galbraith, O'hEigeartaigh and Scott 
- http://eprint.iacr.org/2004/375

etat271.c - A C version of the above - particularly useful for constrained 
            environments. A good example program for embedded implementations

BANDW.CPP - This is actually an NTL program (!) which finds Brezing & Weng 
pairing friendly curves.

MNT.CPP - Finds MNT non-supersingular pairing-friendly curves for k=3,4 or 6

FREEMAN.CPP - Finds k=10 ideal pairing-friendly curves

FOLKLORE.CPP - Finds pairing friendly curves using Cocks-Pinch method.

FINDBASE.CPP - Finds suitable basis for F_{2^m} fields

IRRED.CPP - Finds a suitable irreducible polynomial for Fp^n

WEIL.CPP - Finds the number of points on E(F_p^k)

CM.CPP - Finds elliptic curve parameters using the method of Complex
Multiplication

Note the name AKE2CPT means AKE protocol, on a K=2 curve. The curve is found 
by the Cocks-Pinch Method, and it implements the Tate pairing.

AKE2CPT.CPP -  Implements Authenticated Key Exchange using k=2 non-supersingular curve

AKE2SST.CPP  - Implements Authenticated Key Exchange using k=2 supersingular curve

AKE2CPT2.CPP - Implements Authenticated Key Exchange using Trace map homomorphism

AKE4CPT.CPP  - Implements AKE using Cocks-Pinch k=4 curve

AKE6MNTT.CPP - Implements AKE using MNT k=6 curve, DL 1024-bit security.

AKE6MNTT.C   - A partial C implementation of ake6mntt.cpp - particularly useful for constrained 
               environments. A good example program for embedded implementations

AKE4MNTT.CPP - Implements AKE using MNT k=4 curve, Tate pairing, DL 640-bit security.

AKE4MNTT.C   - A partial C implementation of the above

AKE4MNTA.CPP - Implements AKE using MNT k=4 curve, Ate pairing, DL 640-bit security.

AKE4MNTA.C   - A partial C implementation of the above

AKE6FSTA.CPP - Implements AKE using sextic twist on a D=3, k=6 curve, using Ate pairing.

AKE2NSST.CPP - Faster pairings on a curve with an efficient endomorphism - see 
               Scott Indocrypt 2005

AKE2CPW.CPP -  Uses a modified and optimized version of the Weil pairing

BN.CPP      -  Program to find suitable BN curves - see below

AKE12BNE.CPP - Implements AKE using Eta pairing on BN curves (k=12)

AKE12BNA.CPP - Implements AKE using Ate pairing on BN curves (k=12)

AKE12BNR.CPP - Implements AKE using R-ate pairing on BN curves (k=12)

AKE12BLSA.CPP - Implements AKE using Ate pairing on a k=12, rho=1.5 Barreto-Lynn-Scott curve

The Boneh-Lynn-Shachem short signature scheme

BLS_GEN.CPP  - Generate the public and private parameters from an MNT curve

BLS_SIGN.CPP - create a BLS short signature

BLS_VER.CPP  - verify a BLS short signature

These example programs use the new power-pairing idea, which calculates
E(P,Q,e) = e(P,Q)^e at no (significant) extra cost. See comments in programs.

AKE8BWT.CPP - Implements the AKE using a low-rho Brezing & Weng k=8 curve.

AKE4SBT.CPP - Implements AKE using a low-rho k=4 curve.

AKE8CPT.CPP  - Implements AKE using a Cocks-Pinch k=8 curve

AKE4FSTA.CPP - Implements AKE using ATE pairing - see The Eta Pairing Revisited by Hess, Smart, Vercauteren


For more details on the evolution and implementation of these pairing algorithms, see 
ftp://ftp.computing.dcu.ie/pub/crypto/pairings.pdf