Abstract
Let \(E\) be an elliptic curve over a finite field \({\mathbb F}_q\) with a power of prime \(q,\,r\) a prime dividing \(\#E({\mathbb F}_q)\), and \(k\) the smallest positive integer satisfying \(r\,|\, q^k-1\), called embedding degree. Then a bilinear map \(t: E({\mathbb F}_{q^k})[r] \times E({\mathbb F}_{q^k})/rE({\mathbb F}_{q^k}) \rightarrow {\mathbb F}_{q^k}^*\) is defined, called the Tate pairing. The Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power. In this paper we consider the Fixed Argument Pairing Inversion (FAPI) problem for the Tate pairing and its variants. In 2012, considering FAPI for the Ate\(_i\) pairing, Kanayama and Okamoto formulated the Exponentiation Inversion (EI) problem. However the definition gives a somewhat inaccurate description of the hardness of EI. We point out that the described EI can be easily solved, and hence give a repaired definition of EI so that the problem does contain the actual hardness in connection with the prescribed domain for given pairings. Next we show that inverting the Ate pairing (including other variants of the Tate pairing) defined on the smaller domain is neither easier nor harder than inverting the Tate pairing defined on the larger domain. This is interesting because the structure of the Ate pairing is so simple and good (that is, the Miller length is short, the solution domain is small and has an algebraic structure induced from the Frobenius map) that it looks more probable that attackers find further approach to solve FAPI for the Ate pairing, differently from the Tate pairing.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Adleman L.M., Manders K., Miller G.: On taking roots in finite field. In: Proceedings of 18th Annual Symposium on Foundations of Computer Science, pp. 175–178 (1977).
Boneh D., Franklin M.: Identity-based encryption from the weil pairing. In: CRYPTO 2001. Lecture Notes in Computer Science, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).
Boneh D., Boyen X., Shacham H.: Short group signatures. In: Advances in CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).
Bach E., Shallit J.: Algorithmic Number Theory, vol. 1. The MIT Press, Cambridge (1996).
Blake I., Seroussi G., Smart N., Cassels J.W.S.: Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Note Series. Cambridge University Press, New York (2005).
Galbraith S., Hess F., Vercauteren F.: Aspects of pairing inversion. IEEE Trans. Inf. Theory 54(12), 5719–5728 (2008).
Galbraith S., Verheul R.: An analysis of the vector decomposition problem. In: PKC 2008. Lecture Notes in Computer Science, vol. 4939, pp. 308–327. Springer, Heidelberg (2008).
Hess F.: Pairing lattices. In: PAIRING 2008. Lecture Notes in Computer Science, vol. 5209, pp. 18–38. Springer, Heidelberg (2008).
Hess F., Smart N., Vercauteren F.: The Eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595–4602 (2006).
Joux A.: A one round protocol for tripartite Diffie-Hellman. In: ANTS 2000. Lecture Notes in Computer Science, vol. 1838, pp. 385–393. Springer, Heidelberg (2000).
Kanayama N., Okamoto E.: Approach to pairing inversions without solving Miller inversion. IEEE Trans. Inf. Theory 58(2), 1248–1253 (2012).
Lee E., Lee H., Park C.: Efficient and generalized pairing computation on abelian varieties. IEEE Trans. Inf. Theory 55(4), 1793–1803 (2006).
Miller V. S.: Short programs for functions on curves. unpublished manuscript (1986). http://crypto.stanford.edu/miller/miller.
Miller V.S.: The Weil pairing and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004).
Vercauteren F.: The hidden root problem. In: PAIRING 2008. Lecture Notes in Computer Science, vol. 5209, pp. 89–99. Springer, Heidelberg (2008).
Vercauteren F.: Optimal pairings. IEEE Trans. Inf. Theory 56(1), 455–461 (2010).
Zhao C., Zhang F., Huang J.: A note on the Ate pairing. Int. J. Inf. Security 6(7), 379–382 (2008).
Acknowledgments
The authors would like to thank the anonymous referees for their helpful comments and suggestion to improve the presentation of this paper. This work was supported by the National Research Foundation (NRF) of Korea Grant funded by the Ministry of Education, Science, and Technology (MEST), Korean Government, under Grant 2012-0001243. S. Kim acknowledges the financial support from Basic Science Research Program through the NRF funded by the Ministry of Education, Science and Technology (2012R1A6A3A01040323).
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by I. Shparlinski.
Rights and permissions
About this article
Cite this article
Kim, S., Cheon, J.H. Fixed argument pairing inversion on elliptic curves. Des. Codes Cryptogr. 77, 143–152 (2015). https://doi.org/10.1007/s10623-014-9993-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-014-9993-x