Guide to Pairing-Based Cryptography

This book covers efficient pairing computation and basic implementation for cryptographers. The overview includes theory, pseudocode, and optimization. This self-contained handbook can be a reference resource for security professionals as well as a complete textbook for graduate students in cryptography. The scope is largely modern cryptography, and specifically elliptic curve cryptography. As the author asserts, “The most efficient cryptographic pairings currently known come from elliptic curves or higher dimensional algebraic varieties.”

A handbook for practitioners, this resource is rich in algorithms and implementations in either pseudocode or sage. It includes a bevy of examples of use, including pay TV, digital signing, and electronic voting. The algorithmic details often include space and time complexity and comparisons between implementations. Still, these are often high-level, very big picture models with a generality that can apply to various industries and applications. Largely common to each public key cryptography implementation presentation is a discussion of improvements in efficiency through the use of pairing. Indeed, the essential message here is that pairing is not only an important but often essential “building block for the design of secure and efficient cryptographic protocols used in real-world applications.” Protocol designers seeking to meet the iso/iec 15946 standard will find practical advice on meeting that goal here.

Many texts in this realm devote space to history. Much of that material seems quaint and more entertaining than relevant. In this case, mathematical background in cryptographic usage of elliptic curves over a finite field offers a more modern and useful set of fundamentals. You will just have to read about the antique Caesar cipher elsewhere. The discussion spreads over several chapters for a very self-contained offering. This includes background theory on pairings, finite field arithmetic, scalar multiplication and exponentiation in pairing groups, discrete logarithms, cyclotomic groups, hashing into elliptic curves, pairing-friendly elliptic curves, and more.

This is not to say very basic encryption is not used for illustrative purposes. Trivial encodings and naïve encryption, while being “totally insecure,” initiate step by step application of the pairing-based improvements to support chapters on choosing parameters (finite field, elliptic curve, etc.) and software implementation. Adding to the material already rich in practical and classroom value is a particularly enlightening chapter on the architecture of attacks. Included are the intricacies of side-channel assaults including ones that augur keys from power consumption, fault attacks not limited to pairing-based encryption, and countermeasures for the same.

When Tom Schulte first met the (real) graph of a non-singular elliptic curve with two components in a cryptanalysis course, he trained his TI-85 to summon the beguiling shape at will and has been fascinated with elliptic curve cryptography ever since.