pairing_option_set(p, "method", "shipsey-stange");
PBC Library
The Pairing-Based Cryptography Library
News Archive 7
Released pbc-0.4.6
Fortunately for me, Paul Miller tests each version extensively soon after release. In version 0.4.5 he found a bug that I had overlooked for one of the usual reasons: "the modification is so trivial that it can’t possibly cause problems!". Luckily the bug wasn’t difficult to fix.
I finally implemented what I call type G pairings, which are curves of embedding degree 10 found by David Freeman.
They’re a bit slow at the moment, but I hope to speed them up soon. Interestingly, Katherine Stange’s elliptic net algorithm for computing a type G pairing is about the same speed as Miller’s algorithm, but this is without using (signed) sliding windows for the latter.
Fri Feb 2 18:04:45 PST 2007
Released pbc-0.4.5
No big changes. I added code that generates random points by raising a generator by a random power, which is faster in some cases as it avoids finite field square root routines. This change does not affect pairing speed.
I’ve been trying to find a case where computing the pairing with elliptic nets is faster than Miller’s algorithm. I haven’t found one yet, but the type E pairing comes close. If the group order weren’t a Solinas prime then it’s possible that the Shipsey-Stange algorithm would be faster.
Wed Jan 31 16:12:51 PST 2007
Released pbc-0.4.4
Various optimizations improve A, D, E pairing times. In the type E case the optimization was trivial: simply precomputing the random point used in the pairing saved a lot of time.
For type A curves, I implemented an algorithm that computes pairings using elliptic nets: see Katherine Stange’s paper. It is not used by default since it is slower. To activate it, if p is a type A pairing, use:
The above paper is accompanied by a PARI/GP script which I used to check against my implementation. I had never used PARI/GP before, and it took me some time to work out what to do. I’ll record what I did here so I won’t have to relearn it next time. First I ran gp with the script as the first argument. Then I typed something like:
q=1019 r=17 x=493 y=398 x2=672 y2=336 E=ellinit([0,0,0,Mod(1,q),0]) a=Mod(X,X^2+1) P=[Mod(x,q),Mod(y,q)] Q=[Mod(-x2,q), Mod(y2,q)*a] tate_pairing_alg(E,P,Q,r)
Thu Jan 25 05:13:34 PST 2007
Released pbc-0.4.3
Minor changes, e.g. pairing_is_symmetric() function.
Sat Jan 13 05:40:54 PST 2007
Released pbc-0.4.2
The pbc/pbc test program can convert strings to elements of any group. This should make it more effective as outputs from previous runs can now be reused. This also allows some pairing-based cryptosystems to be built using shell scripts.