“…However, squaring is more optimized by using Devegili et al's [11] complex squaring technique which cost 2M p + 4A p + 2m α for one squaring operation in F p 2 . In total it costs 54M p for one squaring in F p 16 . Table 1 shows the operation estimation for F p 16 .…”
Section: Extension Field Arithmetic and Toweringmentioning
confidence: 99%
“…In total it costs 54M p for one squaring in F p 16 . Table 1 shows the operation estimation for F p 16 . Table 2 shows the operation estimation for F p 12 according to the towering shown in Eq.…”
Section: Extension Field Arithmetic and Toweringmentioning
confidence: 99%
“…As said before, this work is focused on Miller's algorithm. However, the authors made a "not state-of-art" implementation of some final exponentiation algorithms [16,14,17]. Table 11 shows the total final exponentiation time in [ms].…”
Section: Pseudo 8-sparse Multiplication For Kss-16 Curvementioning
confidence: 99%
“…Zhang et al [31] have shown the computational estimation of the Miller's loop and proposed efficient final exponentiation for 192-bit security level in the context of OptimalAte pairing over KSS-16 curve. A few years later Ghammam et al [16] have shown that KSS-16 is the best suited for multi-pairing (i.e., the product and/or the quotient) when the number of pairing is more than two. Ghammam et al [16] also corrected the flaws of proposed final exponentiation algorithm by Zhang et al [31] and proposed a new one and showed the vulnerability of Zhang's parameter settings against small subgroup attack.…”
Section: Introductionmentioning
confidence: 99%
“…A few years later Ghammam et al [16] have shown that KSS-16 is the best suited for multi-pairing (i.e., the product and/or the quotient) when the number of pairing is more than two. Ghammam et al [16] also corrected the flaws of proposed final exponentiation algorithm by Zhang et al [31] and proposed a new one and showed the vulnerability of Zhang's parameter settings against small subgroup attack. The recent development of NFS by Kim and Barbulescu [21] requires updating the parameter selection for all the existing pairings over the well known pairing-friendly curve families such as BN [5], BLS [13] and KSS [19].…”
“…However, squaring is more optimized by using Devegili et al's [11] complex squaring technique which cost 2M p + 4A p + 2m α for one squaring operation in F p 2 . In total it costs 54M p for one squaring in F p 16 . Table 1 shows the operation estimation for F p 16 .…”
Section: Extension Field Arithmetic and Toweringmentioning
confidence: 99%
“…In total it costs 54M p for one squaring in F p 16 . Table 1 shows the operation estimation for F p 16 . Table 2 shows the operation estimation for F p 12 according to the towering shown in Eq.…”
Section: Extension Field Arithmetic and Toweringmentioning
confidence: 99%
“…As said before, this work is focused on Miller's algorithm. However, the authors made a "not state-of-art" implementation of some final exponentiation algorithms [16,14,17]. Table 11 shows the total final exponentiation time in [ms].…”
Section: Pseudo 8-sparse Multiplication For Kss-16 Curvementioning
confidence: 99%
“…Zhang et al [31] have shown the computational estimation of the Miller's loop and proposed efficient final exponentiation for 192-bit security level in the context of OptimalAte pairing over KSS-16 curve. A few years later Ghammam et al [16] have shown that KSS-16 is the best suited for multi-pairing (i.e., the product and/or the quotient) when the number of pairing is more than two. Ghammam et al [16] also corrected the flaws of proposed final exponentiation algorithm by Zhang et al [31] and proposed a new one and showed the vulnerability of Zhang's parameter settings against small subgroup attack.…”
Section: Introductionmentioning
confidence: 99%
“…A few years later Ghammam et al [16] have shown that KSS-16 is the best suited for multi-pairing (i.e., the product and/or the quotient) when the number of pairing is more than two. Ghammam et al [16] also corrected the flaws of proposed final exponentiation algorithm by Zhang et al [31] and proposed a new one and showed the vulnerability of Zhang's parameter settings against small subgroup attack. The recent development of NFS by Kim and Barbulescu [21] requires updating the parameter selection for all the existing pairings over the well known pairing-friendly curve families such as BN [5], BLS [13] and KSS [19].…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.