MIRACL contains several optimized implementations of pairings over various fields. A suite of IBE programs are described in the file IBE.TXT The fastest pairing code over F_p can be found in the files ake2.cpp and ake2ss.cpp, which implements a simple key exchange protocol, using non- supersingular and supersingular curves respectively. This uses an embedding degree of k=2, so the pairing e(P,Q) evaluates naturally as an element in F_p^2. P is a point on the elliptic curve E(Fp) and Q is a point on E'(F_p^{k/2}), or in this case E'(F_p) where E' is the twisted curve. Using compression the pairing evaluates as an element in F_p^{k/2}, or just Fp in this case. For higher levels of security it is recommended to increase the embedding degree and use non-supersingular curves - see ake4.cpp and ake8.cpp for examples. We use a "tower of extensions" to build an Fp^4 class on top of an Fp^2 class - see zzn2.h and zzn4.h Other pairing-relevant files.. DL.CPP - This implements the eta pairing over supersingular curves over F_{2^m} DL2.CPP - This implements the eta_T pairing over F_{2^m}. This is possibly the fastest known pairing. See Barreto, Galbraith, O'hEigeartaigh and Scott - http://eprint.iacr.org/2004/375 BANDW.CPP - This is actually an NTL program (!) which finds Brezing & Weng pairing friendly curves. MNT.CPP - Finds MNT non-supersingular pairing-friendly curves for k=3,4 or 6 FREEMAN.CPP - Finds k=10 ideal pairing-friendly curves FOLKLORE.CPP - Finds pairing friendly curves using Cocks-Pinch method. FINDBASE.CPP - Finds suitable basis for F_{2^m} fields IRRED.CPP - Finds a suitable irreducible polynomial for Fp^n WEIL.CPP - Finds the number of points on E(F_p^k) CM.CPP - Finds elliptic curve parameters using the method of Complex Multiplication AKE2.CPP - Implements Authenticated Key Exchange using k=2 non-supersingular curve AKE2SS.CPP - Implements Authenticated Key Exchange using k=2 supersingular curve AKE2T2.CPP - Implements Authenticated Key Exchange using Trace map homomorphism AKE4.CPP - Implements AKE using Cocks-Pinch k=4 curve AKE6.CPP - Implements AKE using MNT k=6 curve AKE6T.CPP - Implements AKE using sextic twist on a D=3, k=6 curve, using Ate pairing. NSS3.CPP - Faster pairings on a curve with an efficient endomorphism - see Scott Indocrypt 2005 NEWWEIL.CPP - Uses a modified and optimized version of the Weil pairing BN.CPP - Program to find suitable BN curves - see below AKE12.CPP - Implements AKE using Tate pairing on BN curves (k=12) AKE12T.CPP - Implements AKE using Ate pairing on BN curves (k=12) AKE12S.CPP - Implements AKE using Ate pairing on a k=12, rho=1.5 Barreto-Lynn-Scott curve The Boneh-Lynn-Shachem short signature scheme BLS_GEN.CPP - Generate the public and private parameters from an MNT curve BLS_SIGN.CPP - create a BLS short signature BLS_VER.CPP - verify a BLS short signature These example programs use the new power-pairing idea, which calculates E(P,Q,e) = e(P,Q)^e at no (significant) extra cost. See comments in programs. AKEW8.CPP - Implements the AKE using a low-rho Brezing & Weng k=8 curve. AKEW4.CPP - Implements AKE using a low-rho k=4 curve. AKE8.CPP - Implements AKE using a Cocks-Pinch k=8 curve HESS4.CPP - Implements AKE using ATE pairing - see The Eta Pairing Revisited by Hess, Smart, Vercauteren For more details on the evolution and implementation of these pairing algorithms, see ftp://ftp.computing.dcu.ie/pub/crypto/pairings.pdf