public final class AtePairingOverBarretoNaehrigCurveFactory extends Object
Pairing for Barreto-Naehrig curves. The
factory supports both Type-2 and Type-3 pairings. The first group is always
the Barreto-Naehrig curve over a prime field. Depending on the type, the
second group is either a subgroup of the sextic twist of the Barreto-Naehrig
curve, or the curve over the degree 12 extension field.
The factory supports multiple methods to specify the desired Barreto-Naehrig
curve. It is possible to specify a curve by the BN parameter x.
In that case, a curve will be selected as specified in [1]. If no such curve
exists, the second part of [2, Algorithm 1] will be used to find a curve.
The second method allows a curve to be specified by the size of the base
field in bits. Curves for the base field size of 160, 168, 176, 184, 190,
192, 200, 208, 216, 222, 224, 232, 240, 248, 254, 256, 264, 272, 280, 286,
288, 296, 304, 312, 318, 320, 328, 336, 344, 350, 352, 360, 368, 376, 382,
384, 392, 400, 408, 414, 416, 424, 432, 440, 446, 448, 456, 464, 472, 478,
480, 488, 496, 504, 510, 512, 542, 574, 606, and 638 bits will be selected
from [3] and [2, Table 1]. Otherwise, a BN parameter x will be
computed with the first part of [2, Algorithm 1] for the given size and the
first method will be applied.
The third method allows to specify predefined names for curves. These curves are taken from [4, 5, 6, 7]. The supported names are
The factory defaults to using (extended) Jacobian coordinates for curve
operation and uses projective coordinates to calculate the pairings. Whenever
a function expects a coordinate system and null is provided by
the caller, then the default system will be used.
References:
[1] G. Pereira, M. Simplíco Jr, M. Naehrig, P. Barreto. A Family of Implementation-Friendly BN Elliptic Curves.
[2] P. Barreto, M. Naehrig. Pairing-Friendly Elliptic Curves of Prime Order
[3] BNPairings. https://code.google.com/p/bnpairings/
[4] relic-toolkit. https://github.com/relic-toolkit/relic
[5] libsnark. https://github.com/scipr-lab/libsnark
[6] D. Aranha, K. Karabina, P. Longa, C. Gebotys, J. López. Faster Explicit Formulas for Computing Pairings over Ordinary Curves.
[7] FIDO ECDAA Algorithm, FIDO Alliance Implementation Draft 02 February 2017. https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-ecdaa-algorithm-v1.1-id-20170202.html
| Modifier and Type | Method and Description |
|---|---|
static Pairing |
getPairing(PairingTypes pairingTypes,
BigInteger x)
The factory method.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
BigInteger x,
BigInteger c,
BigInteger d,
BarretoNaehrigCurveCDType bType,
PrimeCurveCoordinateTypes curveType)
Create a new pairing instance for the given Barreto-Naehrig curve.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
BigInteger x,
BigInteger b,
PrimeCurveCoordinateTypes curveType)
Create a new pairing instance for the given Barreto-Naehrig curve.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
BigInteger x,
PrimeCurveCoordinateTypes curveType)
The factory method.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
int bitLength)
The factory method.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
int bitLength,
PrimeCurveCoordinateTypes curveType)
The factory method.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
String name)
The factory method.
|
static Pairing |
getPairing(PairingTypes pairingTypes,
String name,
PrimeCurveCoordinateTypes curveType)
The factory method.
|
public static Pairing getPairing(PairingTypes pairingTypes, BigInteger x, PrimeCurveCoordinateTypes curveType)
pairingTypes - type of pairingx - BN curve parametercurveType - curve coordinate system; If curve operations are more important
and more extensively used than pairing evaluations, it is
recommended to use (extended) Jacobian coordinates instead. Since
affine coordinates are not supported in this context, a selection
of this option will default to projective coordinates. Selecting
Jacobian coordinates will default either to Jacobian or extended
Jacobian coordinates---depending on the set optimization level
ECCelerate.setOptimizationLevel(iaik.security.ec.provider.OptimizationLevel)public static Pairing getPairing(PairingTypes pairingTypes, BigInteger x, BigInteger b, PrimeCurveCoordinateTypes curveType)
b is given and no curve with the given b was
queried before, b + 1 needs to be a quadratic residue in the
base field or c and d for the sub-family from [1]
can be found using a heuristic.pairingTypes - type of pairingx - parameter from which BN curve parameters are derivedb - BN curve coefficientcurveType - curve coordinate system; If curve operations are more important
and more extensively used than pairing evaluations, it is
recommended to use (extended) Jacobian coordinates instead. Since
affine coordinates are not supported in this context, a selection
of this option will default to projective coordinates. Selecting
Jacobian coordinates will default either to Jacobian or extended
Jacobian coordinates---depending on the set optimization level
ECCelerate.setOptimizationLevel(iaik.security.ec.provider.OptimizationLevel)public static Pairing getPairing(PairingTypes pairingTypes, BigInteger x, BigInteger c, BigInteger d, BarretoNaehrigCurveCDType bType, PrimeCurveCoordinateTypes curveType)
c, d and bType are given, only
curves of the sub family described in [1] are considered.pairingTypes - type of pairingx - parameter from which BN curve parameters are derivedc - partial parameter for bd - partial parameter for bbType - determines how b is derived from c and
dcurveType - curve coordinate system; If curve operations are more important
and more extensively used than pairing evaluations, it is
recommended to use (extended) Jacobian coordinates instead. Since
affine coordinates are not supported in this context, a selection
of this option will default to projective coordinates. Selecting
Jacobian coordinates will default either to Jacobian or extended
Jacobian coordinates---depending on the set optimization level
ECCelerate.setOptimizationLevel(iaik.security.ec.provider.OptimizationLevel)public static Pairing getPairing(PairingTypes pairingTypes, BigInteger x)
pairingTypes - type of pairingx - parameter from which BN curve parameters are derivedpublic static Pairing getPairing(PairingTypes pairingTypes, String name, PrimeCurveCoordinateTypes curveType)
pairingTypes - type of pairingname - BN curve namecurveType - curve coordinate system; If curve operations are more important
and more extensively used than pairing evaluations, it is
recommended to use (extended) Jacobian coordinates instead. Since
affine coordinates are not supported in this context, a selection
of this option will default to projective coordinates. Selecting
Jacobian coordinates will default either to Jacobian or extended
Jacobian coordinates---depending on the set optimization level
ECCelerate.setOptimizationLevel(iaik.security.ec.provider.OptimizationLevel)public static Pairing getPairing(PairingTypes pairingTypes, String name)
pairingTypes - type of pairingname - BN curve namepublic static Pairing getPairing(PairingTypes pairingTypes, int bitLength, PrimeCurveCoordinateTypes curveType)
pairingTypes - type of pairingbitLength - bit length of the prime field used to construct curve 1curveType - curve coordinate system; If operations on the two curves are more
important and more extensively used than pairing evaluations, it
is recommended to use (extended) Jacobian coordinates instead.
Since affine coordinates are not supported in this context, a
selection of this option will default to projective coordinates.
Selecting Jacobian coordinates will default either to Jacobian or
extended Jacobian coordinates---depending on the set optimization
level
ECCelerate.setOptimizationLevel(iaik.security.ec.provider.OptimizationLevel)public static Pairing getPairing(PairingTypes pairingTypes, int bitLength)
pairingTypes - type of pairingbitLength - bit length of the prime field used to construct curve 1Copyright © 2011–2022 Stiftung SIC. All rights reserved.