News Archive 6

No big changes. I added code that generates random points by raising a generator by a random power, which is faster in some cases as it avoids finite field square root routines. This change does not affect pairing speed.

I’ve been trying to find a case where computing the pairing with elliptic nets is faster than Miller’s algorithm. I haven’t found one yet, but the type E pairing comes close. If the group order weren’t a Solinas prime then it’s possible that the Shipsey-Stange algorithm would be faster.

Various optimizations improve A, D, E pairing times. In the type E case the optimization was trivial: simply precomputing the random point used in the pairing saved a lot of time.

For type A curves, I implemented an algorithm that computes pairings using elliptic nets: see Katherine Stange’s paper. It is not used by default since it is slower. To activate it, if p is a type A pairing, use:

The above paper is accompanied by a PARI/GP script which I used to check against my implementation. I had never used PARI/GP before, and it took me some time to work out what to do. I’ll record what I did here so I won’t have to relearn it next time. First I ran gp with the script as the first argument. Then I typed something like:

Minor changes, e.g. pairing_is_symmetric() function.

The pbc/pbc test program can convert strings to elements of any group. This should make it more effective as outputs from previous runs can now be reused. This also allows some pairing-based cryptosystems to be built using shell scripts.

The PBC library now has a logo, a result of an attempt to liven up these otherwise text-only pages.