[curves] Curve cycles
Jeff Burdges
burdges at gnunet.org
Fri Aug 31 02:28:42 PDT 2018
> On 18 Aug 2018, at 15:10, Michael Scott <mike.scott at miracl.com> wrote:
> I really don't expect any other cycles to be found, outside the simple MNT case. The search for pairing-friendly curves is I suspect largely complete at this stage.
Interesting. It looks like the authors estimated an 80 bit security level for the curve cycle they explored/recommended.
If I understand, the more recent NFS improvements that impact BN curves do not impact these MNT curves much, as folks had unrelated concerns about their security that were already incorporated.
https://ellipticnews.wordpress.com/2016/05/02/kim-barbulescu-variant-of-the-number-field-sieve-to-compute-discrete-logarithms-in-finite-fields/
> On Sat, Aug 18, 2018 at 1:29 PM Jeff Burdges <burdges at gnunet.org> wrote:
>
> Is anyone actively working on cycles of pairing friendly elliptic curves?
>
> In other words, each curve’s field of definition is the scalar field of it’s predecessor, which makes recursive composition of SNARKs not totally insane:
> https://www.iacr.org/archive/crypto2014/86160202/86160202.pdf
>
> I’d think you’d want to explore a lot of possible optimisations beyond that paper before trying to use something like this, so maybe someone has tried?
>
> In practice, I’m unsure if recursively composed SNARKs really give you much since, if you want to add a SNARK layer, then you still need access to some large database, but.. that discussion might veer off topic for here.
>
> Best,
> Jeff
>
> p.s. We’re hiring cryptographers at the web 3 foundation : https://web3.foundation/jobs
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20180831/8584cf94/attachment.sig>
More information about the Curves
mailing list