Factor-4 and 6 compression of cyclotomic subgroups of F 24m* and F 36m*

Abstract

Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields F2m and F3m, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders 2 2m C 1 and 3 2m -3m + 1, respectively, of the multiplicative groups F 24m* and F 36m*. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations. © de Gruyter 2010.