摘要 :
In this paper, we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto , to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtai...
展开
In this paper, we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto , to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speed-up of a factor of around six over the usual Tate pairing, in the case of curves that have large security parameters, complex multiplication by an order of$ BBQ (sqrt -3)$, and when the trace of Frobenius is chosen to be suitably small. Other, more minor savings are obtained for more general curves.
收起
摘要 :
? 2022 Elsevier Inc.A square matrix is called Hessenberg whenever each entry below the subdiagonal is zero and each entry on the subdiagonal is nonzero. Let M denote a Hessenberg matrix. Then M is called circular whenever the uppe...
展开
? 2022 Elsevier Inc.A square matrix is called Hessenberg whenever each entry below the subdiagonal is zero and each entry on the subdiagonal is nonzero. Let M denote a Hessenberg matrix. Then M is called circular whenever the upper-right corner entry of M is nonzero and every other entry above the superdiagonal is zero. A circular Hessenberg pair consists of two diagonalizable linear maps on a nonzero finite-dimensional vector space, that each act on an eigenbasis of the other one in a circular Hessenberg fashion. Let A,A? denote a circular Hessenberg pair. We investigate six bases for the underlying vector space that we find attractive. We display the transition matrices between certain pairs of bases among the six. We also display the matrices that represent A and A? with respect to the six bases. We introduce a special type of circular Hessenberg pair, said to be recurrent. We show that a circular Hessenberg pair A,A? is recurrent if and only if A,A? satisfy the tridiagonal relations. For a circular Hessenberg pair, there is a related object called a circular Hessenberg system. We classify up to isomorphism the recurrent circular Hessenberg systems. To this end, we construct four families of recurrent circular Hessenberg systems. We show that every recurrent circular Hessenberg system is isomorphic to a member of one of the four families.
收起
摘要 :
We observe a natural generalisation of the ate and twisted ate pairings, which allow for performance improvements in non standard applications of pairings to cryptography like composite group orders. We also give a performance com...
展开
We observe a natural generalisation of the ate and twisted ate pairings, which allow for performance improvements in non standard applications of pairings to cryptography like composite group orders. We also give a performance comparison of our pairings and the Tate, ate and twisted ate pairings for certain polynomial families based on operation count estimations and on an implementation, showing that our pairings can achieve a speedup of a factor of up to two over the other pairings.
收起
摘要 :
A square matrix is said to be circular bidiagonal whenever (i) each nonzero entry is on the diagonal, or the subdiagonal, or in the top-right corner; (ii) each subdiagonal entry is nonzero, and the entry in the top-right corner is...
展开
A square matrix is said to be circular bidiagonal whenever (i) each nonzero entry is on the diagonal, or the subdiagonal, or in the top-right corner; (ii) each subdiagonal entry is nonzero, and the entry in the top-right corner is nonzero. Let F denote a field, and let V denote a nonzero finite-dimensional vector space over F. We consider an ordered pair of F-linear maps A : V-+ V and A* : V-+ V that satisfy the following two conditions:center dot there exists a basis for V with respect to which the matrix representing A is circular bidiagonal and the matrix representing A* is diagonal;center dot there exists a basis for V with respect to which the matrix representing A* is circular bidiagonal and the matrix representing A is diagonal. We call such a pair a circular bidiagonal pair on V. We classify the circular bidiagonal pairs up to affine equivalence. There are two infinite families of solutions, which we describe in detail.(c) 2023 Elsevier Inc. All rights reserved.
收起
摘要 :
A square matrix is called Hessenberg whenever each entry below the subdiagonal is zero and each entry on the subdiagonal is nonzero. Let V denote a nonzero finite-dimensional vector space over a field K. We consider an ordered pai...
展开
A square matrix is called Hessenberg whenever each entry below the subdiagonal is zero and each entry on the subdiagonal is nonzero. Let V denote a nonzero finite-dimensional vector space over a field K. We consider an ordered pair of linear transformations A : V -> V and A* : V -> V which satisfy both (i) and (ii) below. (i) There exists a basis for V with respect to which the matrix representing A is Hessenberg and the matrix representing A* is diagonal. (ii) There exists a basis for V with respect to which the matrix representing A is diagonal and the matrix representing A* is Hessenberg. We call such a pair a thin Hessenberg pair (or TH pair). This is a special case of a Hessenberg pair which was introduced by the author in an earlier paper. We investigate several bases for V with respect to which the matrices representing A and A* are attractive. We display these matrices along with the transition matrices relating the bases. We introduce an "oriented" version of A, A* called a TH system. We classify the TH systems up to isomorphism.
收起
摘要 :
A self-pairing is a pairing computation where both inputs are the same group element. Self-pairings are used in some cryptographic schemes and protocols. In this paper, we show how to compute the Tate-Lichtenbaum pairing (D,φ(D))...
展开
A self-pairing is a pairing computation where both inputs are the same group element. Self-pairings are used in some cryptographic schemes and protocols. In this paper, we show how to compute the Tate-Lichtenbaum pairing (D,φ(D)) on a curve more efficiently than the general case. The speedup is obtained by using a simpler final exponentiation. We also discuss how to use this pairing in cryptographic applications.
收起
摘要 :
Genomic in situ hybridization (GISH), using genomic DNA probe from O. australiensis, was used to study chromosome pairing among AA, EE and AE genomes, in the hybrid O. sativaXO. australiensis. In the conventional cytogenetic analy...
展开
Genomic in situ hybridization (GISH), using genomic DNA probe from O. australiensis, was used to study chromosome pairing among AA, EE and AE genomes, in the hybrid O. sativaXO. australiensis. In the conventional cytogenetic analysis, 0-4 bivalents and 20-24 univalents were recorded. GISH, however, revealed 1-5 bivalents and 19-23 univalents. 3 types of pairing were detected: pairing between A and E genome chromosomes, within AA genome chromosomes and within EE genome chromosomes. The frequency of association between O. sativa (AA) and O. australiensis (EE) chromosomes (0.98II/cell) greatly exceeded the level of pairing, within sativa chromosomes (0.15II/cell) or within australiensis chromosomes (0.05II/cell). Results indicated that conventional cytogenetic analysis either underestimates or overestimates the pairing behavior and that GISH is a powerful tool for detecting the nature of pairing in O. sativaXO. australiensis.
收起
摘要 :
Self-pairings are a special subclass of pairings and have interesting applications in cryptographic schemes and protocols. In this paper, we speed up the computation of the self-pairing by using a simple final exponentiation on su...
展开
Self-pairings are a special subclass of pairings and have interesting applications in cryptographic schemes and protocols. In this paper, we speed up the computation of the self-pairing by using a simple final exponentiation on supersingular elliptic curves with embedding degree k=3. We also compare the efficiency of self-pairing computations on different curves over large characteristic. We indicate that supersingular elliptic curves with k=3 may be more attractive for implementing the self-pairings.
收起
摘要 :
Vercauteren introduced the concept of optimal pairing, which by definition can be computed by using at most (log_2 r)/φ(k) + log_2 k basic Miller iterations, where r is the order of the groups involved and k is the embedding degr...
展开
Vercauteren introduced the concept of optimal pairing, which by definition can be computed by using at most (log_2 r)/φ(k) + log_2 k basic Miller iterations, where r is the order of the groups involved and k is the embedding degree Vercauteren (IEEE Trans Inf Theory 56(1):455-461, 2010). Freeman et al. summarized and proposed all of the new constructions of pairing-friendly elliptic curves that currently exist Freeman et al. (J Cryptol 23(2):224-280, 2010). In this paper, we give an optimal pairing for each family of pairing-friendly curves in Freeman et al. (J Cryptol 23(2):224-280, 2010) by taking the Ate or R-ate pairing approach.
收起
摘要 :
Let be an elliptic curve over a finite field with a power of prime a prime dividing , and the smallest positive integer satisfying , called embedding degree. Then a bilinear map is defined, called the Tate pairing. The Ate pairing...
展开
Let be an elliptic curve over a finite field with a power of prime a prime dividing , and the smallest positive integer satisfying , called embedding degree. Then a bilinear map is defined, called the Tate pairing. The Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power. In this paper we consider the Fixed Argument Pairing Inversion (FAPI) problem for the Tate pairing and its variants. In 2012, considering FAPI for the Ate pairing, Kanayama and Okamoto formulated the Exponentiation Inversion (EI) problem. However the definition gives a somewhat inaccurate description of the hardness of EI. We point out that the described EI can be easily solved, and hence give a repaired definition of EI so that the problem does contain the actual hardness in connection with the prescribed domain for given pairings. Next we show that inverting the Ate pairing (including other variants of the Tate pairing) defined on the smaller domain is neither easier nor harder than inverting the Tate pairing defined on the larger domain. This is interesting because the structure of the Ate pairing is so simple and good (that is, the Miller length is short, the solution domain is small and has an algebraic structure induced from the Frobenius map) that it looks more probable that attackers find further approach to solve FAPI for the Ate pairing, differently from the Tate pairing.
收起
原文获取