Re: Reduced Tate pairing in supersingular elliptic curves

Aleksandr Lenin on Tue, 17 Apr 2018 21:23:23 +0200

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Reduced Tate pairing in supersingular elliptic curves

To: pari-users@pari.math.u-bordeaux.fr
Subject: Re: Reduced Tate pairing in supersingular elliptic curves
From: Aleksandr Lenin <aleksandr.lenin@cyber.ee>
Date: Tue, 17 Apr 2018 22:23:15 +0300
Autocrypt: addr=aleksandr.lenin@cyber.ee; prefer-encrypt=mutual; keydata= xsFNBFg+zhcBEADDEV0vMCFAkMGPnaEqsa4JnTUIGPrQvVkp5hCyVwTgHOzDTw4x3FljwbJ9 BoVI9V3d9j9OdxM6WSKlinjf7ZDFajzRo+O1aevXuJNAdXyWsCfdgKP9zsxcdf2pcgkTSh4j I2fFkjndylGYPrSbKFLdZz+SngY+wXAEQ1CcKSAmwm2Gd5qqXgjErIFtvRtcRnH+0z4/Hbw0 5BPASCpdmrfu/ALvM6YWi4Bskqz6TAtsFdqJV1MpWBwU56CdLgt3q8SOoBOzJBIF329OPW/O BIXdByfeA4Z7HVLLjQM/D5CPRvjBRJw5tfTd5dAH30uJDF3C88DE4mpZrR8dRrSuFhBEacSO MU6UoBm8q3V6yeRv9zQENDBXa+StTTOYKR2DI+7pLFzfYBRMu18IdgPoG7Vyzo9T+SSvRkb/ csGS7uwpwzNXLQ7GM4xAguBmlWUBWuJRH+t5+zPJ9a2k9bYpwos72PkPGdss4/xDu/d9p04Z xkXLj3RbPWac8B6wxkt6spuDni8W1N2KIDV8Gbe5wDzEns/ebVaH/oSC0UZaDQVW2ye4jCpL hnn7K23FBGe6xwiD8RzIEHkrTv/M2XoLvt0vkNouquliZSRmLfJA11M+50kOhdd+GntLhob0 zZjYhxv7pJjGW10XpqDE4tP205zrjU/oyn5XQY7IMDrbjCJT3wARAQABzSpBbGVrc2FuZHIg TGVuaW4gPGFsZWtzYW5kci5sZW5pbkBjeWJlci5lZT7CwX0EEwEIACcFAlg+zhcCGyMFCQlm AYAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ4HByBsz4rF0OURAAjs3Ehe+8EAjhgv0O rKy6SALX2qVPiviwqg4i67HE8E2pJcZNivma8s/6V2VJClzvTpDzW/u5hPVJVJrMBkE+SdQp Z+3GrFUTIElocJWIboqRyTx/h8mHKTjIM9dcJxvnsxxP2l9UoNMr2Dcl3r0v6YMgB1XxiRg5 PROVWlR0do+b6cQb89fLTvngqd9NhpRBgxNqf0HrjAYFuDRXNu5AOlAlKajPc1K0A5B8K0za 4G8jUMipX2/y6iqpjIm73rKvFZVgRlXYlcz+rS6Uhi5ee4/zi8Z3roN9GZ+NzbUV8culwBu0 VhoSXqCfWqdhzCluTw/BWuWbkZ9MENPEhmXmoAK+wmMNXQHVXo602Cjn8xJeYXjoY8cAb7MX SBOYBF4yviTuFHvXiYROxjNsE53i/R4qJEb1Br2So/6oM1jQZ8vWFeE8UlDYsw9UnLgu0tQF iN+O14Az7Ohn367u4kxHnmAyJpxOkJwkzvGejbavyjCg0PkivZfu0Fnfg9JsCdcxMWYTActu GY87rnxx7EGk9VBjmfmtUO0d+MrwL32GyT18KyIGN6H6evJJBp/5hNsh8pDfXwzvHebEADOo BEeQspzAfmc1A92PZLqbXMC62PWz0ULWRzTI20s0AijLwoQFTNgM4n2am4ma+QyyS9gtsvZD lS9BlHOEYkcHOJetdUvOwU0EWD7OFwEQALnjVZAmxrQixWfoQH7DgUNvHD31VDKIU1RZVrgm 43PxrxTVWwAjVm+ZwKqHgUbZeeiQy+mIZN9yL7LNvEtxT3LV2SlUSG0Q7NemQry5+kMbYgyF CVIBp+/5Abay6wBtTk3y/Gk7ZcoDBxxuaMy2bzqFBq1JPmQYWMMWCU7U/mBnJGd8NUaxE016 9QNkJnQsuxHX5IS13qSD3VOAvnqEMcJQxF1HqXTtOG7j3bmkNAgd+uKR/l6tyhr9BqYlguvX JAKipUGBxySHkXdvUledNw3qVqYCzy7+UT/Rjza/mlIDEkFEgevEIGB/u74lr60TnB0FDHQG 7B8p8gT5phNJZQvYxEz/htoUOmuKEAYezY/CFRGS4v1Xzqt5AlXBoorV8YkbMhv1f6H2Y17m RFgIboBYxU66JMKx3AiZMhAg0RpTQgQMsjxKVFEPFTFBsu7rQ76NEFdImjsIG/T0iJSbJYTV QLE/ceRK5mWn8m8PPdSWsERkQIFeUGziMeGZ8MfjeUg33fmt1sf8HW5nPSbsaguMguLYYHiW lSVjUXYCfcXqUdGIm1BrxTI/kThzvD+FFtt5QhLHi7/NxU0IF5AmqKlNO5p7hNgVTQayHzJb 8bR8PdFYXCUuNejO3zeiuWH4Pg1pIc0I/wDnTmkQAhH4O67mmy6RylzhmwAeNeCe/izvABEB AAHCwWUEGAEIAA8FAlg+zhcCGwwFCQlmAYAACgkQ4HByBsz4rF32TRAAl2l5BXnp8Rvnm5Vv 2ZqFRTpVMzVQiH3FsDh7WdA9yzz4xOYxDLmnyOA1Ag4hK2RrotdhLCyNV7VAcXixHwufpXa1 hnXQRGTxRQ/83RHDdhTDYmXgseuJ4A/IUg12Ub10HmdnxHVaF2QT7tbB9Fa9o5DA2DHM4cWQ BhMRjsagVa7PtzadyvrtdXYHunSRh3O2hOMP0w/goU/INL4bqhl7le8qpHIV0K8WQMQHWkuu 5cB6nmsTegFXy3fi0//GN/dtzz9HyCOm2N20rijcuMbNrTSclCOxCUV9mwyTiGQEwOhOhMgH RgbeNUp0nA9P6Q/lANJt0I2qNKZVWV4FtUzzPPMSSz25v39hbiNgT4p3DNYiw8E1rgFj/h0F K0KK16nSao2y62f/p/+pBajYAIPT/z4p80FRK3r7Pauy7LXQya8h+mGiyuY46ZPFQb3xjeZg /1hu5akwrnp8ME54zvzSk86L4zH4XZ20vdU1j7wY8oFbFVdjIDuUfb1XorWRe1aI54Nb+JZm xzBfZwpxmg1i1IMjCRWthVqQdg6oPcabXDrGM4GzJu9UnMLJIGpeUXnhV1VaMCcBBcvc4bwD 6BdW5CFGkncegvQTRnzN8J422a8awuedG0dZtH4OmHn61OZEfrZQWis8UFX2j4gL1HnqdEav ekgdeiobwetd5TJhNf8=
Delivery-date: Tue, 17 Apr 2018 21:23:23 +0200
In-reply-to: <1f4d9137-c75d-3e6c-3120-bf536887e010@cyber.ee>
Openpgp: preference=signencrypt
References: <1f4d9137-c75d-3e6c-3120-bf536887e010@cyber.ee>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

In this particular case, the two point do not necessarily belong to the
t-torsion. Nevertheless, the pairing should be non-trivial, as shown in
the random pairing example, where a reduced pairing between p1 and a
random point on an elliptic curve produces non-trivial result, but with
the inputs I am using the result is 1.

On 04/17/2018 10:10 PM, Aleksandr Lenin wrote:
> Hi all,
> 
> I have stepped across the case when I get a trivial value 1 for the
> reduced Tate pairing for seemingly legit inputs. Both inputs belong to
> the r-torsion, point 1 is defined over the base-field subgroup, point 2
> does not belong to the base-field subgroup (and it shouldn't, as the
> reduced Tate pairing is supposed to return 1 if two points belong to the
> same subgroup). But the result is nevertheless 1, although in theory it
> looks like it shouldn't.
> 
> I attach the C++ code for libPARI with inputs and the code I was using
> to produce this result.
> 
> I would be grateful for any advice on why could this happen, possible
> fixes, and possible ways to optimize this code a bit so that it would
> work faster (I know the code is ugly, I am a beginner PARI user).
> 
> Thanks in advance,
> 

-- 
With kind regards,

Aleksandr Lenin
Researcher
Information Security Research Institute
Cybernetica AS
Mäealuse 2/1, 12618 Tallinn, ESTONIA
www.cybernetica.eu

References:
- Reduced Tate pairing in supersingular elliptic curves
  - From: Aleksandr Lenin <aleksandr.lenin@cyber.ee>

Prev by Date: Reduced Tate pairing in supersingular elliptic curves
Next by Date: Re: Reduced Tate pairing in supersingular elliptic curves
Previous by thread: Reduced Tate pairing in supersingular elliptic curves
Next by thread: Re: Reduced Tate pairing in supersingular elliptic curves
Index(es):
- Date
- Thread