“…Several architectures for the computation of cryptographic pairings have been proposed in the literature [14,15,16,17,18,19,20,21,22,23,24,25,26]. All these implementations use supersingular curves over fields of characteristic 2 or 3, achieving only very low security levels, sometimes even below 80 bit.…”