THE PBC LIBRARY

The PBC (Pairing-Based Crypto) library is a C library providing low-level
routines for pairing-based cryptosystems. It provides an interface for
cyclic groups and a bilinear pairing defined on them that are thought to
be cryptographically secure. The interface abstracts the mathematical details
away from the programmer, so no knowledge of elliptic curves is needed to use
the library.

The PBC library also contains routines to generate curves suitable for use
in a bilinear pairing.

See manual.txt for more information.

The PBC library is released under the GNU General Public License. See the
file COPYING for details.

OVERVIEW

Pairing-based cryptography centers around a particular function with
interesting properties.

Let G1, G2, GT be cyclic groups of prime order r. Let g1 be a generator of G1
and g2 be a generator of G2. Let e be a function

e : G1 x G2 --> GT

that is efficiently computable with e(g1, g2) != 1 (nondegenerate) and
e(g1^a, g2^b) = e(g1, g2)^(ab) (bilinear) for all integers a, b. We refer to
this function e as a bilinear map or a pairing. When G1 = G2 we say that
the pairing is symmetric, otherwise we say the pairing is asymmetric.

With a few more conditions (for example, we may require the discrete log
problem to be hard in G1 and the existence of an efficiently computable
isomorphism from G2 to G1), these pairings can be used to build a wide
variety of cryptosystems.
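
The definition and the extra conditions above, as an added example (not code
from the PBC library and not using its API). It assumes a constructed toy
setting: G1 = G2 is the additive group Z_r with r = 1019, and GT is the
order-r subgroup of Z_p^* with p = 2039. The map is bilinear and
nondegenerate, yet the discrete log in G1 is trivial, which is why those two
properties alone are not enough.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters, far too small for real use:
 * TOY_P = 2*TOY_R + 1 is prime; GT is the order-r subgroup of Z_p^*,
 * generated by GT_GEN. G1 = G2 = (Z_r, +) with generator TOY_G, so the
 * page's "g^a" is a*TOY_G mod r here. */
#define TOY_P 2039u
#define TOY_R 1019u
#define GT_GEN 4u
#define TOY_G 7u

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t acc = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) acc = acc * b % m;
    return acc;
}

/* "Exponentiation" g^a in the additive toy group G1. */
uint64_t g1_pow(uint64_t g, uint64_t a) { return (g % TOY_R) * (a % TOY_R) % TOY_R; }

/* Toy pairing e : G1 x G1 --> GT, e(x, y) = GT_GEN^(x*y). */
uint64_t pair(uint64_t x, uint64_t y) { return powmod(GT_GEN, g1_pow(x, y), TOY_P); }

/* Bilinearity: e(g^a, g^b) == e(g, g)^(ab). */
int is_bilinear(uint64_t a, uint64_t b) {
    uint64_t ab = (a % TOY_R) * (b % TOY_R) % TOY_R;
    return pair(g1_pow(TOY_G, a), g1_pow(TOY_G, b)) == powmod(pair(TOY_G, TOY_G), ab, TOY_P);
}

/* A symmetric pairing decides Diffie-Hellman tuples (g^a, g^b, g^c) in G1:
 * c == ab (mod r) exactly when e(g^a, g^b) == e(g, g^c). */
int is_dh_tuple(uint64_t ga, uint64_t gb, uint64_t gc) {
    return pair(ga, gb) == pair(TOY_G, gc);
}

/* Why this G1 is unusable: its discrete log is one modular division. */
uint64_t toy_dlog(uint64_t h) { return h % TOY_R * powmod(TOY_G, TOY_R - 2, TOY_R) % TOY_R; }

int main(void) {
    printf("nondegenerate: %d\n", pair(TOY_G, TOY_G) != 1);
    printf("bilinear:      %d\n", is_bilinear(123, 456));
    printf("DH tuple:      %d\n", is_dh_tuple(g1_pow(TOY_G, 5), g1_pow(TOY_G, 9), g1_pow(TOY_G, 45)));
    printf("dlog of g^777: %llu\n", (unsigned long long)toy_dlog(g1_pow(TOY_G, 777)));
    return 0;
}
```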

The PBC library has a "pairing_t" data type. When initialized with pairing
parameters (sample ones are provided with the library), it builds groups G1,
G2, GT and a pairing. The mathematics underlying the groups is abstracted
away in the interface.

Routines to generate pairing parameters of varying security are also
provided.

------------------------------------------------------------------------------
Ben Lynn <blynn@cs.stanford.edu>
