draft-irtf-cfrg-pairing-friendly-curves-00

Pairing-Friendly Curves
draft-irtf-cfrg-pairing-friendly-curves-00

Versions
00


Document	Type	Active Internet-Draft (cfrg RG)
	Last updated	2019-11-01
	Stream	IRTF
	Intended RFC status	(None)
	Formats	plain text xml pdf htmlized bibtex
Stream	IRTF state	(None)
	Consensus Boilerplate	Unknown
	Document shepherd	No shepherd assigned
IESG	IESG state	I-D Exists
	Telechat date
	Responsible AD	(None)
	Send notices to	(None)

Email authors Email RG IPR References Referenced by Nits

CFRG                                                           Y. Sakemi
Internet-Draft                                                   Lepidum
Intended status: Experimental                               T. Kobayashi
Expires: May 4, 2020                                            T. Saito
                                                                     NTT
                                                        November 1, 2019

                        Pairing-Friendly Curves
               draft-irtf-cfrg-pairing-friendly-curves-00

Abstract

   This memo introduces pairing-friendly curves used for constructing
   pairing-based cryptography.  It describes recommended parameters for
   each security level and recent implementations of pairing-friendly
   curves.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 4, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Sakemi, et al.             Expires May 4, 2020                  [Page 1]
Internet-Draft           Pairing-Friendly Curves           November 2019

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Pairing-Based Cryptography  . . . . . . . . . . . . . . .   2
     1.2.  Applications of Pairing-Based Cryptography  . . . . . . .   3
     1.3.  Goal  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.4.  Requirements Terminology  . . . . . . . . . . . . . . . .   4
   2.  Preliminaries . . . . . . . . . . . . . . . . . . . . . . . .   4
     2.1.  Elliptic Curve  . . . . . . . . . . . . . . . . . . . . .   4
     2.2.  Pairing . . . . . . . . . . . . . . . . . . . . . . . . .   5
     2.3.  Barreto-Naehrig Curve . . . . . . . . . . . . . . . . . .   6
     2.4.  Barreto-Lynn-Scott Curve  . . . . . . . . . . . . . . . .   6
     2.5.  Representation Convention for an Extension Field  . . . .   7
   3.  Security of Pairing-Friendly Curves . . . . . . . . . . . . .   8
     3.1.  Evaluating the Security of Pairing-Friendly Curves  . . .   8
     3.2.  Impact of the Recent Attack . . . . . . . . . . . . . . .   9
   4.  Security Evaluation of Pairing-Friendly Curves  . . . . . . .   9
     4.1.  For 100 Bits of Security  . . . . . . . . . . . . . . . .   9
     4.2.  For 128 Bits of Security  . . . . . . . . . . . . . . . .  10
       4.2.1.  BN Curves . . . . . . . . . . . . . . . . . . . . . .  10
       4.2.2.  BLS Curves  . . . . . . . . . . . . . . . . . . . . .  12
     4.3.  For 192 Bits of Security  . . . . . . . . . . . . . . . .  14
     4.4.  For 256 Bits of Security  . . . . . . . . . . . . . . . .  15
   5.  Implementations of Pairing-Friendly Curves  . . . . . . . . .  19
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  21
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  21
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  21
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  21
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  21
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  22
   Appendix A.  Computing Optimal Ate Pairing  . . . . . . . . . . .  26
     A.1.  Optimal Ate Pairings over Barreto-Naehrig Curves  . . . .  27
     A.2.  Optimal Ate Pairings over Barreto-Lynn-Scott Curves . . .  27
   Appendix B.  Test Vectors of Optimal Ate Pairing  . . . . . . . .  28
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  35

1.  Introduction

1.1.  Pairing-Based Cryptography

   Elliptic curve cryptography is one of the important areas in recent
   cryptography.  The cryptographic algorithms based on elliptic curve
   cryptography, such as ECDSA (Elliptic Curve Digital Signature

Show full document text

Pairing-Friendly Curvesdraft-irtf-cfrg-pairing-friendly-curves-00

Pairing-Friendly Curves
draft-irtf-cfrg-pairing-friendly-curves-00