International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: A taxonomy of pairing-friendly elliptic curves

David Freeman
Michael Scott
Edlyn Teske
Search ePrint
Search Google
Abstract: Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such "pairing-friendly" curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.
  title={A taxonomy of pairing-friendly elliptic curves},
  booktitle={IACR Eprint archive},
  keywords={Public key cryptography / elliptic curves, pairing-based cryptosystems, embedding degree, efficient implementation},
  note={ 14568 received 27 Oct 2006, last revised 20 Nov 2009},
  author={David Freeman and Michael Scott and Edlyn Teske},