Skip to main content
SpringerLink
Log in

Optimized and Secure Pairing-Friendly Elliptic Curves Suitable for One Layer Proof Composition

  • Conference paper
  • First Online:
Cryptology and Network Security (CANS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12579))

Included in the following conference series:

Abstract

A zero-knowledge proof is a method by which one can prove knowledge of general non-deterministic polynomial (NP) statements. SNARKs are in addition non-interactive, short and cheap to verify. This property makes them suitable for recursive proof composition, that is proofs attesting to the validity of other proofs. To achieve this, one moves the arithmetic operations to the exponents. Recursive proof composition has been empirically demonstrated for pairing-based SNARKs via tailored constructions of expensive pairing-friendly elliptic curves namely a pair of 753-bit MNT curves, so that one curve’s order is the other curve’s base field order and vice-versa. The ZEXE construction restricts to one layer proof composition and uses a pair of curves, BLS12-377 and CP6-782, which improve significantly the arithmetic on the first curve. In this work we construct a new pairing-friendly elliptic curve to be used with BLS12-377, which is STNFS-secure and fully optimized for one layer composition. We propose to name the new curve BW6-761. This work shows that it is at least five times faster to verify a composed SNARK proof on this curve compared to the previous state-of-the-art, and proposes an optimized Rust implementation that is almost thirty times faster than the one available in ZEXE library.

Full version available on eprint at https://eprint.iacr.org/2020/351.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    r needs to divide \(q^k-1\) for \(k \in _{\mathbb {N}^*} \llbracket 1, 20 \rrbracket \), thus \(r=1\) is the only solution.

References

  1. Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_5

    Chapter  Google Scholar 

  2. Arène, C., Lange, T., Naehrig, M., Ritzenthaler, C.: Faster computation of the tate pairing. J. Number Theory 131(5, Elliptic Curve Cryptography), 842–857 (2011). https://doi.org/10.1016/j.jnt.2010.05.013, http://cryptojedi.org/papers/#edpair

  3. Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_6

    Chapter  MATH  Google Scholar 

  4. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 276–294. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_16

    Chapter  Google Scholar 

  5. Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 967–980. ACM Press, November 2013. https://doi.org/10.1145/2508859.2516734

  6. Bowe, S.: BLS12-381: New zk-SNARK elliptic curve construction (2017). https://electriccoin.co/blog/new-snark-curve/

  7. Bowe, S., Chiesa, A., Green, M., Miers, I., Mishra, P., Wu, H.: Zexe: enabling decentralized private computation. In: 2020 IEEE Symposium on Security and Privacy (SP), Los Alamitos, CA, USA, pp. 1059–1076. IEEE Computer Society, May 2020. https://www.computer.org/csdl/proceedings-article/sp/2020/349700b059/1i0rIqoBYD6

  8. Brier, E., Coron, J.-S., Icart, T., Madore, D., Randriam, H., Tibouchi, M.: Efficient indifferentiable hashing into ordinary elliptic curves. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 237–254. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_13

    Chapter  Google Scholar 

  9. Celo: BLS-ZEXE: BLS signatures verification inside a SNARK proof (2019). https://github.com/celo-org/bls-zexe

  10. Chatterjee, S., Sarkar, P., Barua, R.: Efficient computation of Tate pairing in projective coordinate over general characteristic fields. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 168–181. Springer, Heidelberg (2005). https://doi.org/10.1007/11496618_13

    Chapter  Google Scholar 

  11. Cheon, J.H.: Discrete logarithm problems with auxiliary inputs. J. Cryptol. 23(3), 457–476 (2009). https://doi.org/10.1007/s00145-009-9047-0

    Article  MathSciNet  MATH  Google Scholar 

  12. Chiesa, A., Chua, L., Weidner, M.: On cycles of pairing-friendly elliptic curves. SIAM J. Appl. Algebra Geo. 3(2), 175–192 (2019). https://doi.org/10.1137/18M1173708

    Article  MathSciNet  MATH  Google Scholar 

  13. Costello, C., Lange, T., Naehrig, M.: Faster pairing computations on curves with high-degree twists. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 224–242. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_14

    Chapter  Google Scholar 

  14. EY-Blockchain: Nightfall: an open source suite of tools designed to enable private token transactions over the public Ethereum blockchain (2019). https://github.com/EYBlockchain/nightfall

  15. Fouque, P.-A., Tibouchi, M.: Indifferentiable hashing to Barreto–Naehrig curves. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 1–17. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_1

    Chapter  Google Scholar 

  16. Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010). https://doi.org/10.1007/s00145-009-9048-z

    Article  MathSciNet  MATH  Google Scholar 

  17. Fuentes-Castañeda, L., Knapp, E., Rodríguez-Henríquez, F.: Faster Hashing to \(\mathbb{G}_2\). In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 412–430. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28496-0_25

    Chapter  Google Scholar 

  18. Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_11

    Chapter  Google Scholar 

  19. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012

    Article  MathSciNet  MATH  Google Scholar 

  20. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    Chapter  Google Scholar 

  21. Guillevic, A., Masson, S., Thomé, E.: Cocks–Pinch curves of embedding degrees five to eight and optimal ate pairing computation. Des. Codes Crypt. 88(6), 1047–1081 (2020). https://doi.org/10.1007/s10623-020-00727-w

    Article  MathSciNet  MATH  Google Scholar 

  22. Guillevic, A., Singh, S.: On the alpha value of polynomials in the tower number field sieve algorithm. Cryptology ePrint Archive, Report 2019/885 (2019). https://eprint.iacr.org/2019/885

  23. Karabina, K.: Squaring in cyclotomic subgroups. Math. Comput. 82(281), 555–579 (2013). https://doi.org/10.1090/S0025-5718-2012-02625-1

    Article  MathSciNet  MATH  Google Scholar 

  24. scipr lab: ZEXE rust implementation (2018). https://github.com/scipr-lab/zexe

  25. Lauter, K., Montgomery, P.L., Naehrig, M.: An analysis of affine coordinates for pairing computation. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 1–20. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17455-1_1

    Chapter  MATH  Google Scholar 

  26. Meckler, I., Shapiro, E.: Coda: decentralized cryptocurrency at scale. O(1) Labs whitepaper (2018). https://cdn.codaprotocol.com/v2/static/coda-whitepaper-05-10-2018-0.pdf

  27. ProtocolLabs: Filecoin: a decentralized storage network (2017). https://filecoin.io/filecoin.pdf

  28. Shallue, A., van de Woestijne, C.E.: Construction of rational points on elliptic curves over finite fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510–524. Springer, Heidelberg (2006). https://doi.org/10.1007/11792086_36

    Chapter  Google Scholar 

  29. Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56(1), 455–461 (2010). https://doi.org/10.1109/TIT.2009.2034881

    Article  MathSciNet  MATH  Google Scholar 

  30. Wahby, R.S., Boneh, D.: Fast and simple constant-time hashing to the BLS12-381 elliptic curve. IACR TCHES 2019(4), 154–179 (2019). https://doi.org/10.13154/tches.v2019.i4.154-179

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. EY Blockchain, Paris, France

    Youssef El Housni

  2. LIX, CNRS, École Polytechnique, Institut Polytechnique de Paris, Palaiseau, France

    Youssef El Housni

  3. Inria, Palaiseau, France

    Youssef El Housni

  4. Université de Lorraine, CNRS, Inria, LORIA, Nancy, France

    Aurore Guillevic

Authors
  1. Youssef El Housni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aurore Guillevic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Youssef El Housni .

Editor information

Editors and Affiliations

  1. AIT Austrian Institute of Technology GmbH, Vienna, Austria

    Stephan Krenn

  2. Fraunhofer SIT, Darmstadt, Germany

    Haya Shulman

  3. IC LASEC, EPFL, Lausanne, Switzerland

    Serge Vaudenay

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

El Housni, Y., Guillevic, A. (2020). Optimized and Secure Pairing-Friendly Elliptic Curves Suitable for One Layer Proof Composition. In: Krenn, S., Shulman, H., Vaudenay, S. (eds) Cryptology and Network Security. CANS 2020. Lecture Notes in Computer Science(), vol 12579. Springer, Cham. https://doi.org/10.1007/978-3-030-65411-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-65411-5_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65410-8

  • Online ISBN: 978-3-030-65411-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation