A new record for pairing computation at the 256-bit level

Mike Scott, the researcher who's responsible for lots of the optimizations that make it possible to efficiently implement the pairings that pairing-based cryptography uses, has set another record. His new record is for a BB1 decryption at the 256-bit security level on a 64-bit Intel i5 520M running at 2.4 GHz in about 44 ms. That's very impressive.

When pairing-based cryptography was relatively new, calculating a pairing was fairly expensive, which made PBC unattractive for many applications where the computing power of a desktop PC or server wasn't available. The work of Scott and others has essentially removed that obstacle to the widespread use of pairings, so they may be showing up in lots of other areas soon.

There's also more interesting material in Scott's paper ("On the Efficient Implementation of Pairing-Based Protocols") that describes this record. Here's how he describes what it tells us, just in case you're undecided about whether or not you should read it:

The advent of Pairing-based protocols has had a major impact on the applicability of cryptography to the solution of more complex real-world problems. However there has always been a question mark over the performance of such protocols. In response much work has been done to optimize pairing implementation, and now it is generally accepted that being pairing-based does not preclude a protocol from consideration as a practical proposition. However although a lot of effort has gone into the optimization of the stand-alone pairing, in many protocols the pairing calculation appears in a particular context within which further optimizations may be possible. It is the purpose of this paper to bridge the gap between theory and practise, and to show that even complex protocols may have a surprisingly efficient implementation. We also point out that in some cases the usually recommended pairing friendly curves may not in fact be optimal. We claim a new record with our implementation of a pairing at the AES-256 bit level.

Leave a Reply

Your email address will not be published. Required fields are marked *