Finite field representation

[Giuseppe D'Alconzo]

Hi all,

I am working on pairing based cryptography, in particular with Type 3 pairings with embedding degree 6 and 12 and I need to check results with another library (eg. MAGMA).

I am interested in how elements of the target group GT (and of the finite field F_{q^k} ) are represented.

For example one element of F_{q^6} is

[[3682, 1329, 512], [1548, 543, 4078]]

but I would expect a 6-tuple and not two triples.

When k=2 I can easily find the right representation.

Thanks in advance

[Giuseppe D'Alconzo]

It was an easy question. Here is the answer:

In the PBC Lib's manual, for each curve are reported some parameters. Here there are coefficients of polynomials used in the field extensions, for example:

coeff0
coeff1
coeff2

nqr

Then f1=x^3 + coeff0*x^2 + coeff1*x + coeff0, and f2=x^2 - nqr.

This leads to another question: why this kind of representation is chosen instead of a 6-degree polynomial? (Just out of curiosity this time)

[Diego F. Aranha]

Hi Giuseppe,

It's just easier to implement a "towering" of finite field extensions, usually 2 and 3.

You can also represent field elements as polynomials in the full degree, conversion should be just permutation of coefficients.

Best,

--

Diego Aranha

--
You received this message because you are subscribed to the Google Groups "Charm-Crypto Help" group.
To unsubscribe from this group and stop receiving emails from it, send an email to charm-crypto...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Giuseppe D'Alconzo]

Thanks for the answer Diego.

Giuseppe

To unsubscribe from this group and stop receiving emails from it, send an email to charm-...@googlegroups.com.