Curve Generators

A bilinear map is initialized upon a set of parameters which describe the elliptic curve to be used. Depending on the type of the bilinear map the right curve parameters generator must be chosen.
A generator is an instance of the it.unisa.dia.gas.jpbc.CurveGenerator interface. Once generated the curve parameters can be accessed through the it.unisa.dia.gas.jpbc.CurveParameters interface.

To generate the curve parameters do the following: 

import it.unisa.dia.gas.jpbc.CurveGenerator;

// Init the generator...
CurveGenerator curveGenerator = ...

// Generate the parameters...
CurveParameters params = curveGenerator.generate();

// Print them on the screen...
System.out.println(params);

To load the curve parameters stored in a file use the following code: 

import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;

CurveParameters params = PairingFactory.getInstance().loadCurveParameters("curve.properties");

The curve parameters generated by PBC can used by jPBC without any known issue.

Type A

Type A pairings are constructed on the curve y 2 = x 3 + x over the field F_q for some prime q = 3 mod 4. Both G1 and G2 are the group of points E(F_q), so this pairing is symmetric. The order r is some prime factor of q + 1.

Look here for further information.

To use the generator use the following:

  1. The generator provided by the plaf module: 

    import it.unisa.dia.gas.plaf.jpbc.pairing.a.TypeACurveGenerator;

// Init the generator...
int rBits = 160;
int qBits = 512;
CurveGenerator curveGenerator = new TypeACurveGenerator(rBits, qBits);

  2. The PBC Wrapper: 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeACurveGenerator;

CurveGenerator curveGenerator = new PBCTypeACurveGenerator(rBits, qBits);

A possible output is the following: 

type a
q 465809987686528456433820509097680573834273641761786625424840043538076876234206562893647511212987092957977148064442773937804178448677347985356293095456645127477393452799268540178681508542821146778364147034844106669722022646576596992464142988530545981117480553980249934026929905052860956552125783505432963737819
r 3064991081731777716716683913095816541402266270741561343
h 151977599694462091499092633437896417267123966707330122064236513303248082476057667316431706285338864463131479496744469238202934278366549234322011829000890272345051427129683698149410512911997114723483146377405442651416064741977609291895013018610051943208740
exp1 103
exp2 181
sign0 -1
sign1 -1

Type A1 uses the same equation, but have different fields. It supports field of composite order.

To use the generator use the following:

  1. The generator provided by the plaf module: 

    import it.unisa.dia.gas.plaf.jpbc.pairing.a1.TypeA1CurveGenerator;

// Init the generator...
CurveGenerator curveGenerator = new TypeA1CurveGenerator(
    3,  // the number of primes
    517 // the bit lenght of each prime
);

  2. Using the PBC Wrapper it is not possible to specify neither the number of primes nor the bitlength of each prime. The generator uses two primes of 512 bit length each. 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeA1CurveGenerator;

CurveGenerator curveGenerator = new PBCTypeA1CurveGenerator();

A possible output is the following: 

type a1
p 366367488891996953464177724116303745162638173687744722519198135694997143072442262495598229941717662154427658079854456489570272370616011287688607329742778102455597883634128585744719424310959317047586224681182636439016425661921690497021146700063195738002188227997783374002314458898017630781982566563893778990493498285101082603954390913195270780853594236668554376905922385386216967838757757080927927684495607763573259244032815657112318277513263692331304724597733065311
n 602578106730258147145029151507078528228023311986422240985523249498350564263885300157233930825193523280308648157655356068372158504302650144224683108129569247459864940187711489711709579458814666196687869541418809932592805365002780422732149177735519305924651690785827917766964570555950050628260800269562136497522201126810991124924985054597484836930253678731174962016319712806277907629535784672578828428446723295350755335580288909724207693278394230808066981246271489
n0 6703903964971298549787012499102923063739682910296196688861780721860882015036773488400937149083451713845015929093243025426876941405973284973216841682911233
n1 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433644711116801
n2 6703903964971298549787012499102923063739682910296196723857792318389072804996809122282878994734162608136414911905572727986124928595988056549427656871903233
l 608

Type D

These are ordinary curves with embedding degree 6, whose orders are prime or a prime multiplied by a small constant.

Look here for further information.

By now it is possible to use only the generator provided by PBC. However here there are some pregenerated type D curves.

To use the generator use the following:

  1. The PBC Wrapper: 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeDCurveGenerator;

// Init the generator...
int discriminant = 9563;
CurveGenerator curveGenerator = new PBCTypeDCurveGenerator(discriminant);

A possible output is the following: 

type d
q 2094476214847295281570670320144695883131009753607350517892357
n 2094476214847295281570670320143248652598286201895740019876423
h 1122591
r 1865751832009427548920907365321162072917283500309320153
a 982173098527651790709849523520327569717720135226858622584613
b 654782065685101193806566349013551713145146756817905748389742
k 6
nk 84421409121513221644716967251498543569964760150943970280296295496165154657097987617093928595467244393873913569302597521196137376192587250931727762632568620562823714441576400096248911214941742242106512149305076320555351603145285797909942596124862593877499051211952936404822228308154770272833273836975042632765377879565229109013234552083886934379264203243445590336
hk 24251848326363771171270027814768648115136299306034875585195931346818912374815385257266068811350396365799298585287746735681314613260560203359251331805443378322987677594618057568388400134442772232086258797844238238645130212769322779762522643806720212266304
coeff0 1588818987237821572423114324880401861663865653133763691723716
coeff1 1760153528765803930066908946486500362397173920240475785379803
coeff2 2049888389983546663243916150869866382799954492149630470949951
nqr 1146467906739450941418701450790603726238899593000901105835892

Type E

The CM (Complex Multiplication) method of constructing elliptic curves starts with the Diophantine equation 

DV^2 = 4q - t^2

If t = 2 and q = D r2 h2 + 1 for some prime r (which we choose to be a Solinas prime) and some integer h, we find that this equation is easily solved with V = 2rh.

Thus it is easy to find a curve (over the field F_q) with order q - 1. Note r2 divides q - 1, thus we have an embedding degree of 1.

Look here for further information.

To use the generator use the following:

  1. The generator provided by the plaf module: 

    import it.unisa.dia.gas.plaf.jpbc.pairing.e.TypeECurveGenerator;

// Init the generator...
int rBits = 160;
int qBits = 1024;
CurveGenerator curveGenerator = new TypeECurveGenerator(rBits, qBits);

  2. The PBC Wrapper: 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeECurveGenerator;

CurveGenerator curveGenerator = new PBCTypeECurveGenerator(rBits, qBits);

A possible output is the following: 

type e
q 274486805462003429510769607767064538623921974426219186390361216549560625377987045369929271496608226923392664240011792509882179956473352660137145250287472721037335737479705957390101195908803297551112290696666811374006580406216686843379014297076462207553016776919064431003584315931518258251039328939428908567149
r 730750818665451459101842416358141509827966402561
h 514023354722583523589851081897492703336251497283677478847634305759043727287999834553374446616572065454868521775523687223709730913070131908152672869801348728592412053561950679577413659098428256946446986313583495788
exp1 17
exp2 159
sign0 1
sign1 1
a 0
b 1

Type F

Using carefully crafted polynomials, k = 12 pairings can be constructed. Only 160 bits are needed to represent elements of one group, and 320 bits for the other. Also, embedding degree k = 12 allows higher security short signatures. (k = 6 curves cannot be used to scale security from 160-bits to say 256-bits because finite field attacks are subexponential.)
Discovered by Barreto and Naehrig, "Pairing-friendly elliptic curves of prime order".

Look here for further information.

To use the generator use the following:

  1. The generator provided by the plaf module: 

    import it.unisa.dia.gas.plaf.jpbc.pairing.f.TypeFCurveGenerator;

// Init the generator...
int rBits = 160;
CurveGenerator curveGenerator = new TypeFCurveGenerator(rBits);

  2. The PBC Wrapper: 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeFCurveGenerator;

CurveGenerator curveGenerator = new PBCTypeFCurveGenerator(rBits);

A possible output is the following: 

type f
q 205523667896953300194896352429254920972540065223
r 205523667896953300194895899082072403858390252929
b 40218105156867728698573668525883168222119515413
beta 115334401956802802075595682801335644058796914268
alpha0 191079354656274778837764015557338301375963168470
alpha1 71445317903696340296199556072836940741717506375

Type G

Another construction based on the CM method. Discovered by Freeman, "Constructing pairing-friendly elliptic curves with embedding degree 10."

Look here for further information.

To use the generator use the following:

  1. The PBC Wrapper: 

    import it.unisa.dia.gas.plaf.jpbc.pbc.curve.PBCTypeGCurveGenerator;

// Init the generator...
int discriminant = 35707;
CurveGenerator curveGenerator = new PBCTypeGCurveGenerator(discriminant);

A possible output is the following: 

type g
q 503189899097385532598615948567975432740967203
n 503189899097385532598571084778608176410973351
h 1
r 503189899097385532598571084778608176410973351
a 465197998498440909244782433627180757481058321
b 463074517126110479409374670871346701448503064
k 10
nk 1040684643531490707494989587381629956832530311976146077888095795458709511789670022388326295177424065807612879371896982185473788988016190582073591316127396374860265835641044035656044524481121528846249501655527462202999638159773731830375673076317719519977183373353791119388388468745670818193868532404392452816602538968163226713846951514831917487400267590451867746120591750902040267826351982737642689423713163967384383105678367875981348397359466338807
hk 4110127713690841149713310614420858884651261781185442551927080083178682965171097172366598236129731931693425629387502221804555636704708008882811353539555915064049685663790355716130262332064327767695339422323460458479884756000782939428852120522712008037615051139080628734566850259704397643028017435446110322024094259858170303605703280329322675124728639532674407
coeff0 67343110967802947677845897216565803152319250
coeff1 115936772834120270862756636148166314916823221
coeff2 87387877425076080433559927080662339215696505
coeff3 433223145899090928132052677121692683015058909
coeff4 405367866213598664862417230702935310328613596
nqr 22204504160560785687198080413579021865783099