[curves] Curves and code for Identity-based Encryption

Michael Hamburg mike at shiftleft.org
Mon Jan 26 10:25:31 PST 2015 

And https://github.com/herumi/ate-pairing <https://github.com/herumi/ate-pairing>, which also claims to be the fastest.  But the real question may be which has the nicest API.

Unfortunately, BN curves only really shine at the ~WF128 level, where a 256-bit curve matches a 256*12-bit extension field discrete log problem (EFDLP).  At higher WFs (or if you’re worried about improvements in EFDLP), you need a higher embedding degree so that the EFDLP will be harder, or else a very large base field.  I don’t think there’s any any known curve at those higher levels which is as simple as the BN curves.  In particular, last I heard all known families with higher embedding degrees have huge cofactors, on the order of p^(1/5) or higher.

— Mike

> On Jan 26, 2015, at 1:21 AM, Filipe <filipe.beato at esat.kuleuven.be> wrote:
> 
> There is the MIRACL library from Mike Scott that has already an implementation from Boneh-Franklin IBE scheme.
> I have used it and from what I have seen, its the most efficient pairing library.
> 
> Filipe
> 
> 
> 
> On 26 Jan 2015, at 04:05, Watson Ladd <watsonbladd at gmail.com <mailto:watsonbladd at gmail.com>> wrote:
> 
>> BN curves offer very high speeds. I haven't looked at the code myself,
>> but  DCLXVI by Michael Naehrig, Ruben Niederhagen, and Peter Schwabe
>> promises lots of speed. There is also a Go implementation by AGL: I
>> don't know if they are compatible.
>> 
>> On Sun, Jan 25, 2015 at 6:52 PM, Trevor Perrin <trevp at trevp.net <mailto:trevp at trevp.net>> wrote:
>>> Supposing I wanted to implement an IBE scheme (like Boneh-Franklin).
>>> Does anyone know what the "best" curves and implementations are
>>> (hopefully with conservative security, but high speed)?
>>> 
>>> 
>>> Trevor
>>> _______________________________________________
>>> Curves mailing list
>>> Curves at moderncrypto.org <mailto:Curves at moderncrypto.org>
>>> https://moderncrypto.org/mailman/listinfo/curves
>> 
>> 
>> 
>> -- 
>> "Those who would give up Essential Liberty to purchase a little
>> Temporary Safety deserve neither  Liberty nor Safety."
>> -- Benjamin Franklin
>> _______________________________________________
>> Curves mailing list
>> Curves at moderncrypto.org <mailto:Curves at moderncrypto.org>
>> https://moderncrypto.org/mailman/listinfo/curves
> 
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20150126/30ae4302/attachment.html>

More information about the Curves mailing list