Pairing-Based Crypto Library 0.1.1

Test Programs
-------------

testmnt
    This produces parameters for a curve suitable for computing pairings.
example.txt contains sample output. The output should be fed to some of
the other test programs.

testsig
    Reads curve parameters on standard input and performs computations
that would be required in an implementation of the Boneh-Lynn-Shacham
short signature scheme.
    
testibe
    Reads curve parameters on standard input and performs computations
that would be required in an implementation of the Boneh-Franklin
identity-based encryption scheme.

testbb, testbls
    These test the Boneh-Boyen and Boneh-Lynn-Shacham signature functions.
I intend to split off code dealing with signatures into a separate library,
as I feel this library should be strictly about the pairing and not
applications.
    Reads curve parameters on standard input.

testbbs
    Gives rough timing results one would expect from an implementation of
the BBS group signature scheme.
    Reads curve parameters on standard input.

testsol
    Tests a certain type of supersingular curve. The order of G_1 (and G_2, G_T)
is chosen to be a Solinas prime.

benchmark, bmsolinas
    Benchmarks the pairings. "benchmark" times MNT pairings while "bmsolinas"
times k=2 supersingular curves over a field F_q where q is a Solinas prime.

MNT Curves
----------
q   F_q is the base field
n   # of points in E(F_q)
r   large prime dividing n
h   n = h * r
a   E is given by y^2 = x^3 + ax + b
b
k   embedding degree, i.e. E(F_q^k) has all r-torsion points
nk  # of points in E(F_q^k)
hk  nk = hk * r * r

k=2 Supersingular Curves
------------------------
exp2, exp1, sign1, sign0, r:
    r = 2^exp2 + sign1 * 2^exp1 + sign0 * 1 (Solinas prime)
q, h:
    r * h = q + 1
    q is a prime, h is a multiple of 12 (thus q = -1 mod 12)

We use the curve y^2 = x^3 + x, so #E(F_q) = q + 1 = r * h,
and #E(F_q^2) = (q+1)^2 = r^2 * h^2.

Since q = -1 mod 12, we can implement F_q^2 as F_q[i],
where i = sqrt(-1).
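
The relations above can be checked mechanically before a parameter set is used. The following Python sketch is an added example, not part of the library: the function names, the dict layout (keyed by the parameter names listed above) and the toy values are assumptions made for illustration, and the toy curve is far too small for real use.

```python
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test (probabilistic for large n)."""
    small = (2, 3, 5, 7, 11, 13)
    if n < 17 or any(n % p == 0 for p in small):
        return n in small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_params(p):
    """Return the relations from this section that the parameters violate."""
    errors = []
    r, q, h = p["r"], p["q"], p["h"]
    if r != 2**p["exp2"] + p["sign1"] * 2**p["exp1"] + p["sign0"]:
        errors.append("r is not 2^exp2 + sign1*2^exp1 + sign0")
    if not is_probable_prime(r):
        errors.append("r is not prime")
    if r * h != q + 1:
        errors.append("r*h != q+1")
    if h % 12 != 0:
        errors.append("h is not a multiple of 12")
    if not is_probable_prime(q):
        errors.append("q is not prime")
    elif pow(q - 1, (q - 1) // 2, q) != q - 1:  # Euler's criterion for -1
        errors.append("-1 is a square mod q, so F_q[i] is not a field")
    return errors

def count_points(q):
    """Brute-force #E(F_q) for y^2 = x^3 + x, point at infinity included (toy q only)."""
    squares = {}
    for y in range(q):
        squares[y * y % q] = squares.get(y * y % q, 0) + 1
    return 1 + sum(squares.get((x**3 + x) % q, 0) for x in range(q))

TOY = {"exp2": 3, "exp1": 1, "sign1": 1, "sign0": 1, "r": 11, "h": 12, "q": 131}  # constructed
print(check_params(TOY), count_points(TOY["q"]))
```

On the toy parameters the brute-force count agrees with #E(F_q) = q + 1 = r * h.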

--------------------------------
Ben Lynn <blynn@cs.stanford.edu>
