{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,1,11]],"date-time":"2023-01-11T10:34:08Z","timestamp":1673433248410},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2017,7,1]],"date-time":"2017-07-01T00:00:00Z","timestamp":1498867200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["AAECC"],"published-print":{"date-parts":[[2018,3]]},"DOI":"10.1007\/s00200-017-0334-y","type":"journal-article","created":{"date-parts":[[2017,7,1]],"date-time":"2017-07-01T09:50:24Z","timestamp":1498902624000},"page":"113-147","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Choosing and generating parameters for pairing implementation on BN curves"],"prefix":"10.1007","volume":"29","author":[{"given":"Sylvain","family":"Duquesne","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nadia","family":"El Mrabet","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Safia","family":"Haloui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Franck","family":"Rondepierre","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,7,1]]},"reference":[{"key":"334_CR1","doi-asserted-by":"crossref","unstructured":"Acar, T., Lauter, K.E., Naehrig, M., Shumow, D.: Affine pairings on ARM. In: Abdalla, M., Lange, T. (eds.) Pairing-Based Cryptography\u2014Pairing 2012, Volume 7708 of Lecture Notes in Computer Science, pp. 203\u2013209. 
Springer, Berlin (2012)","DOI":"10.1007\/978-3-642-36334-4_13"},{"key":"334_CR2","doi-asserted-by":"crossref","unstructured":"Aranha, D., Karabina, K., Longa, P., Gebotys, C.H., L\u00f3pez, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Advances in Cryptology EUROCRYPT 2011, Volume 6632 of LNCS, pp. 48\u201368. Springer, Berlin (2011)","DOI":"10.1007\/978-3-642-20465-4_5"},{"key":"334_CR3","doi-asserted-by":"crossref","unstructured":"Aranha, D.F., Barreto, P.S.L.M., Longa, P., Ricardini, J.E.: The realm of the pairings. In: Lange, T., Lauter, K., Lisonek, P. (eds.) Selected Areas in Cryptography\u2014SAC 2013, Volume 8282 of Lecture Notes in Computer Science, pp. 3\u201325. Springer, Berlin (2014)","DOI":"10.1007\/978-3-662-43414-7_1"},{"key":"334_CR4","doi-asserted-by":"crossref","unstructured":"Barbulescu, R., Gaudry, P., Joux, A., Thom\u00e9, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: EUROCRYPT 2014, Volume 8441 of Lecture Notes in Computer Science, pp. 1\u201316. Springer, Berlin (2014)","DOI":"10.1007\/978-3-642-55220-5_1"},{"key":"334_CR5","doi-asserted-by":"crossref","unstructured":"Barreto, P.S.L.M., Costello, C., Misoczki, R., Naehrig, M., Pereira, G.C.C.F., Zanon, G.: Subgroup security in pairing-based cryptography. In: LATINCRYPT 2015, Volume 9230 of Lecture Notes in Computer Science, pp. 245\u2013265. Springer, Berlin (2015)","DOI":"10.1007\/978-3-319-22174-8_14"},{"key":"334_CR6","unstructured":"Barreto, P.S.L.M., Galbraith, S.D., hEigeartaigh, C.O., Scott, M.: Efficient pairing computation on supersingular abelian varieties. In: IACR Cryptology ePrint Archive, p. 375 (2004)"},{"key":"334_CR7","doi-asserted-by":"crossref","unstructured":"Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: CRYPTO 2002, Volume 2442 of LNCS, pp. 354\u2013368. 
Springer, Berlin (2002)","DOI":"10.1007\/3-540-45708-9_23"},{"key":"334_CR8","doi-asserted-by":"crossref","unstructured":"Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Proceedings of SAC 2005, Volume 3897 of LNCS, pp. 319\u2013331. Springer, Berlin (2006)","DOI":"10.1007\/11693383_22"},{"key":"334_CR9","doi-asserted-by":"crossref","unstructured":"Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Proceedings on Advances in Cryptology\u2014CRYPTO \u201986, pp. 311\u2013323. Springer, London (1987)","DOI":"10.1007\/3-540-47721-7_24"},{"key":"334_CR10","doi-asserted-by":"crossref","unstructured":"Boneh, D. Franklin, M.K.: Identity-based encryption from the Weil pairing. In: CRYPTO 2001, Volume 2139 of Lecture Notes in Computer Science, pp. 213\u2013229. Springer, Berlin (2001)","DOI":"10.1007\/3-540-44647-8_13"},{"key":"334_CR11","doi-asserted-by":"crossref","unstructured":"Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: CRYPTO 2005, Volume 3621 of Lecture Notes in Computer Science, pp. 258\u2013275. Springer, Berlin (2005)","DOI":"10.1007\/11535218_16"},{"key":"334_CR12","doi-asserted-by":"crossref","unstructured":"Cheung, R.C.C., Duquesne, S., Fan, J., Guillermin, N., Verbauwhede, I., Yao, G.X.: FPGA implementation of pairings using residue number system and lazy reduction. In: Cryptographic Hardware and Embedded Systems\u2014CHES 2011, Volume 6917 of LNCS, pp. 421\u2013441. Springer, Berlin (2011)","DOI":"10.1007\/978-3-642-23951-9_28"},{"key":"334_CR13","doi-asserted-by":"crossref","unstructured":"Chung, J., Hasan, M.A.: Asymmetric squaring formulae. In: 18th Symposium on Computer Arithmetic, IEEE Conference Publications, pp. 113\u2013122. 
Montpellier (2007)","DOI":"10.1109\/ARITH.2007.11"},{"key":"334_CR14","volume-title":"Handbook of Elliptic and Hyperelliptic Curve Cryptography","author":"H Cohen","year":"2012","unstructured":"Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography, 2nd edn. Chapman & Hall\/CRC, London (2012)","edition":"2"},{"key":"334_CR15","doi-asserted-by":"crossref","unstructured":"Costello, C., Lange, T., Naehrig, M.: Faster pairing computations on curves with high-degree twists. In: Nguyen, P.Q, Pointcheval, D. (eds.) Public Key Cryptography PKC 2010, Volume 6056 of Lecture Notes in Computer Science, pp. 224\u2013242. Springer, Berlin (2010)","DOI":"10.1007\/978-3-642-13013-7_14"},{"key":"334_CR16","volume-title":"Primes of the Form $$x^2+ny^2$$","author":"DA Cox","year":"1989","unstructured":"Cox, D.A.: Primes of the Form $$x^2+ny^2$$. Wiley, New York (1989)"},{"key":"334_CR17","unstructured":"Devegili, A.J., O\u2019Eigeartaigh, C., Scott, M., Dahab, R.: Multiplication and squaring on pairing-friendly fields. IACR Cryptology ePrint Archive, page 471, (2006)"},{"key":"334_CR18","doi-asserted-by":"crossref","unstructured":"Devegili, A.J., Scott, M., Dahab, R.: Implementing cryptographic pairings over Barreto-Naehrig curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing-Based Cryptography - Pairing 2007. Pairing 2007. Lecture Notes in Computer Science, vol. 4575, pp. 197\u2013207. Springer, Berlin (2007)","DOI":"10.1007\/978-3-540-73489-5_10"},{"issue":"1","key":"334_CR19","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1515\/gcc-2016-0006","volume":"8","author":"S Duquesne","year":"2016","unstructured":"Duquesne, S., Ghammam, L.: Memory-saving computation of the pairing final exponentiation on BN curves. 
Groups Complexity Cryptology 8(1), 75\u201390 (2016)","journal-title":"Groups Complexity Cryptology"},{"key":"334_CR20","doi-asserted-by":"crossref","unstructured":"Fuentes-Casta\u00f1eda, F., Knapp, E., Rodr\u00edguez-Henr\u00edquez, F.: Faster hashing to $${\\mathbb{G}}_2$$. In: Selected Areas in Cryptography\u201418th International Workshop, pp. 412\u2013430. Toronto, Revised Selected Papers (2011)","DOI":"10.1007\/978-3-642-28496-0_25"},{"issue":"8","key":"334_CR21","doi-asserted-by":"crossref","first-page":"1319","DOI":"10.1016\/j.jss.2011.03.083","volume":"84","author":"CCFP Geovandro","year":"2011","unstructured":"Geovandro, C.C.F.P., Simpl\u00edcio Jr., M.A., Naehrig, M., Barreto, P.S.L.M.: A family of implementation-friendly BN elliptic curves. J. Syst. Softw. 84(8), 1319\u20131326 (2011)","journal-title":"J. Syst. Softw."},{"key":"334_CR22","doi-asserted-by":"crossref","unstructured":"Giraud, C., Verneuil, V.: Atomicity improvement for elliptic curve scalar multiplication. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) Smart Card Research and Advanced Application, Volume 6035 of Lecture Notes in Computer Science, pp. 80\u2013101. Springer, Berlin (2010)","DOI":"10.1007\/978-3-642-12510-2_7"},{"key":"334_CR23","doi-asserted-by":"crossref","unstructured":"Granger, R., Scott, M.: Faster squaring in the cyclotomic subgroup of sixth degree extensions. In: Public Key Cryptography\u2014PKC 2010, 13th International Conference on Practice and Theory in Public Key Cryptography, Paris. Proceedings, pp. 209\u2013223 (2010)","DOI":"10.1007\/978-3-642-13013-7_13"},{"key":"334_CR24","doi-asserted-by":"crossref","unstructured":"Grewal, G., Azarderakhsh, R., Longa, P., Hu, S., Jao, D.: Efficient implementation of bilinear pairings on ARM processors. In: Knudsen, L.R., Huapeng, W. (eds.) Selected Areas in Cryptography, Volume 7707 of Lecture Notes in Computer Science, pp. 149\u2013165. 
Springer, Berlin (2013)","DOI":"10.1007\/978-3-642-35999-6_11"},{"key":"334_CR25","unstructured":"Guillevic, A.: Kim\u2013Barbulescu Variant of the Number Field Sieve to Compute Discrete Logarithms in Finite Fields. EllipticNews blog (2016). https:\/\/ellipticnews.wordpress.com\/2016\/05\/02\/"},{"key":"334_CR26","doi-asserted-by":"crossref","unstructured":"He\u00df, F.: Pairing lattices. In: Proceedings of Pairing 2008, Volume 5209 of LNCS, pp. 18\u201338 (2008)","DOI":"10.1007\/978-3-540-85538-5_2"},{"issue":"10","key":"334_CR27","doi-asserted-by":"crossref","first-page":"4595","DOI":"10.1109\/TIT.2006.881709","volume":"52","author":"F Hess","year":"2006","unstructured":"Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595\u20134602 (2006)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"334_CR28","doi-asserted-by":"crossref","unstructured":"Joux, A.: A new index calculus algorithm with complexity l(1\/4+o(1)) in small characteristic. In: Lange, T., Lauter, K., Lisonek, P. (eds.) Selected Areas in Cryptography\u2014SAC 2013, Volume 8282 of Lecture Notes in Computer Science, pp. 355\u2013379. Springer, Berlin (2014)","DOI":"10.1007\/978-3-662-43414-7_18"},{"issue":"281","key":"334_CR29","doi-asserted-by":"crossref","first-page":"555","DOI":"10.1090\/S0025-5718-2012-02625-1","volume":"82","author":"K Karabina","year":"2013","unstructured":"Karabina, K.: Squaring in cyclotomic subgroups. Math. Comput. 82(281), 555\u2013579 (2013)","journal-title":"Math. Comput."},{"key":"334_CR30","doi-asserted-by":"crossref","unstructured":"Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: CRYPTO 2016, Volume 9814 of Lecture Notes in Computer Science, pp. 543\u2013571. 
Springer, Berlin (2016)","DOI":"10.1007\/978-3-662-53018-4_20"},{"key":"334_CR31","volume-title":"The Art of Computer Programming: Seminumerical Algorithms","author":"DE Knuth","year":"1997","unstructured":"Knuth, D.E.: The Art of Computer Programming: Seminumerical Algorithms, vol. 2, 3rd edn. Addison-Wesley Longman Publishing Co., Inc, Boston (1997)","edition":"3"},{"key":"334_CR32","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/11586821_2","volume":"3796","author":"N Koblitz","year":"2005","unstructured":"Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. Cryptogr. Coding 3796, 13\u201336 (2005)","journal-title":"Cryptogr. Coding"},{"key":"334_CR33","doi-asserted-by":"crossref","unstructured":"Lauter, K.E., Montgomery, P.L., Naehrig, M.: An analysis of affine coordinates for pairing computation. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing-Based Cryptography\u2014Pairing 2010\u20144th International Conference, Yamanaka Hot Spring, Japan. Proceedings, Volume 6487 of Lecture Notes in Computer Science, pp. 1\u201320. Springer, Berlin (2010)","DOI":"10.1007\/978-3-642-17455-1_1"},{"key":"334_CR34","doi-asserted-by":"crossref","unstructured":"Le, D.-P., Tan, C.H.: Speeding up ate pairing computation in affine coordinates. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) Information Security and Cryptology ICISC 2012, Volume 7839 of Lecture Notes in Computer Science, pp. 262\u2013277. Springer, Berlin (2013)","DOI":"10.1007\/978-3-642-37682-5_19"},{"issue":"4","key":"334_CR35","doi-asserted-by":"crossref","first-page":"1793","DOI":"10.1109\/TIT.2009.2013048","volume":"55","author":"E Lee","year":"2009","unstructured":"Lee, E., Lee, H.-S., Park, C.-M.: Efficient and generalized pairing computation on abelian varieties. IEEE Trans. Inf. Theory 55(4), 1793\u20131803 (2009)","journal-title":"IEEE Trans. Inf. 
Theory"},{"key":"334_CR36","volume-title":"Finite Fields","author":"R Lidl","year":"1997","unstructured":"Lidl, R., Niederreiter, H.: Finite Fields. Cambridge University Press, Cambridge (1997)"},{"key":"334_CR37","doi-asserted-by":"crossref","unstructured":"Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: CRYPTO 1997, pp. 249\u2013263. Springer, Berlin (1997)","DOI":"10.1007\/BFb0052240"},{"issue":"7","key":"334_CR38","doi-asserted-by":"crossref","first-page":"1660","DOI":"10.1587\/transfun.E92.A.1660","volume":"92\u2013A","author":"S Matsuda","year":"2009","unstructured":"Matsuda, S., Kanayama, N., He\u00df, F., Okamoto, E.: Optimised versions of the Ate and twisted Ate pairings. IEICE Trans. 92\u2013A(7), 1660\u20131667 (2009)","journal-title":"IEICE Trans."},{"key":"334_CR39","unstructured":"Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of nfs advances on the security of pairing-based cryptography. Cryptology ePrint Archive, Report 2016\/1102 (2016). http:\/\/eprint.iacr.org\/2016\/1102"},{"key":"334_CR40","unstructured":"Microsoft Research. MSR ECCLib v2.0. 2015"},{"issue":"4","key":"334_CR41","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1007\/s00145-004-0315-8","volume":"17","author":"SV Miller","year":"2004","unstructured":"Miller, S.V.: The Weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235\u2013261 (2004)","journal-title":"J. Cryptol."},{"issue":"177","key":"334_CR42","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1090\/S0025-5718-1987-0866113-7","volume":"48","author":"PL Montgomery","year":"1987","unstructured":"Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243\u2013264 (1987)","journal-title":"Math. 
Comput."},{"issue":"170","key":"334_CR43","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1090\/S0025-5718-1985-0777282-X","volume":"44","author":"PL Montgomery","year":"1985","unstructured":"Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519\u2013521 (1985)","journal-title":"Math. Comput."},{"key":"334_CR44","doi-asserted-by":"crossref","unstructured":"Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: LATINCRYPT 2010, Volume 6212 of LNCS, pp. 109\u2013123. Springer, Berlin (2010)","DOI":"10.1007\/978-3-642-14712-8_7"},{"key":"334_CR45","doi-asserted-by":"crossref","unstructured":"Nogami, Y., Akane, M., Sakemi, Y., Katou, H., Morikawa, Y.: Integer variable chi-based ate pairing. In: Pairing-Based Cryptography\u2014Pairing 2008, pp. 178\u2013191 (2008)","DOI":"10.1007\/978-3-540-85538-5_13"},{"key":"334_CR46","unstructured":"National\u00a0Institute of\u00a0Standard and Technology. Key Management (2007)"},{"key":"334_CR47","doi-asserted-by":"crossref","unstructured":"Rondepierre, F.: Revisiting atomic patterns for scalar multiplications on elliptic curves. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications, Volume 8419 of Lecture Notes in Computer Science, pp. 171\u2013186. Springer, Berlin (2014)","DOI":"10.1007\/978-3-319-14123-7_12"},{"key":"334_CR48","doi-asserted-by":"crossref","unstructured":"Scott, M., Barreto, P.S.L.M.: Compressed pairings. In: Advances in cryptology\u2014CRYPTO 2004, Volume 3152 of Lecture Notes in Computer Science, pp. 140\u2013156. Springer, Berlin (2004)","DOI":"10.1007\/978-3-540-28628-8_9"},{"key":"334_CR49","doi-asserted-by":"crossref","unstructured":"Scott, M., Benger, N., Charlemagne, M., Perez, L.J.D., Kachisa, E.J.: On the final exponentiation for calculating pairings on ordinary elliptic curves. In: Pairings 2009, Volume 5671 of LNCS, pp. 78\u201388. 
Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-03298-1_6"},{"key":"334_CR50","doi-asserted-by":"crossref","unstructured":"Stam, M., Lenstra, A.K.: Efficient subgroup exponentiation in quadratic and sixth degree extensions. In: Cryptographic Hardware and Embedded Systems\u2014CHES 2002, 4th International Workshop, pp. 318\u2013332. Redwood Shores, Revised Papers (2002)","DOI":"10.1007\/3-540-36400-5_24"},{"key":"334_CR51","doi-asserted-by":"crossref","unstructured":"Unterluggauer, T., Wenger, E.: Efficient pairings and ECC for embedded systems. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems CHES 2014, Volume 8731 of Lecture Notes in Computer Science, pp. 298\u2013315. Springer, Berlin (2014)","DOI":"10.1007\/978-3-662-44709-3_17"},{"key":"334_CR52","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1109\/TIT.2009.2034881","volume":"56","author":"F Vercauteren","year":"2009","unstructured":"Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56, 455\u2013461 (2009)","journal-title":"IEEE Trans. Inf. 
Theory"}],"container-title":["Applicable Algebra in Engineering, Communication and Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00200-017-0334-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00200-017-0334-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00200-017-0334-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,28]],"date-time":"2019-09-28T04:23:32Z","timestamp":1569644612000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00200-017-0334-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,7,1]]},"references-count":52,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2018,3]]}},"alternative-id":["334"],"URL":"https:\/\/doi.org\/10.1007\/s00200-017-0334-y","relation":{},"ISSN":["0938-1279","1432-0622"],"issn-type":[{"value":"0938-1279","type":"print"},{"value":"1432-0622","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,7,1]]}}}