 ### reorder README

parent 0c5398bb
 ... ... @@ -5,15 +5,59 @@ Cocks--Pinch curves with embedding degree 5 to 8 and optimal ate pairing This repository holds companion code for the paper. We provide code for the following tasks. * Search for pairing-friendly curves with our Cocks-Pinch variant; see "Using the search program") * Generate tables with estimated costs of pairing computations for various embedding degrees. See "Computing pairing costs" * Generate formulas for efficient computation of final exponentiations when k is either 5 or 7 (see file `final_expo_k57.py`) or 6 or 8 (`final_expo_k68.sage`). For all four cases, see also the section "Formulas for final exponentiation" in this file. * Generate tables with estimated costs of pairing computations for various embedding degrees. See "Computing pairing costs" * Search for pairing-friendly curves with our Cocks-Pinch variant; see "Using the search program". Computing pairing costs ======================= Tables 5 and 9 in the paper are also generated automatically. The following code can be used. sage: load("cost_pairing.py") sage: table_costFpk([1,2,3,5,6,7,8,12,16]) sage: table_cost_pairing() Formulas for final exponentiation ================================= This corresponds to §5.2 of the paper. For the cases `k=5` and `k=7`, the file `final_expo_k57.py` contains explicit formulas that reach the upper bound claimed in §5.2 in the paper. To reproduce this, one does as follows. Notice that the number of inversions depends on the parameter `i`. sage: load("final_expo_k57.py") sage: print_final_expo_k57() cost for k=5 i=1: 3p + 1c + 7M + 3T cost for k=5 i=2: 1I + 3p + 1c + 7M + 3T cost for k=5 i=3: 2I + 3p + 1c + 7M + 3T cost for k=5 i=4: 1I + 3p + 1c + 7M + 3T cost for k=7 i=1: 5p + 1c + 11M + 5T cost for k=7 i=2: 1I + 5p + 1c + 11M + 5T cost for k=7 i=3: 1I + 5p + 1c + 11M + 5T cost for k=7 i=4: 2I + 5p + 1c + 11M + 5T cost for k=7 i=5: 2I + 5p + 1c + 11M + 5T cost for k=7 i=6: 1I + 5p + 1c + 11M + 5T For the cases `k=6` and `k=8`, the exact formulas depend on the chosen CM discriminant, and employ further optimizations. Formulas as well as costs, matching those found in §5.2 in the paper, can be obtained as follows: sage: load("final_expo_k68.sage") sage: formulas(6) [lots of output] sage: formulas(8) [lots of output] Using the search program ======================== ... ... @@ -581,48 +625,3 @@ Note that the former is naturally preferred because hy has 2-naf weight only 4. Formulas for final exponentiation ================================= This corresponds to §5.2 of the paper. For the cases `k=5` and `k=7`, the file `final_expo_k57.py` contains explicit formulas that reach the upper bound claimed in §5.2 in the paper. To reproduce this, one does as follows. Notice that the number of inversions depends on the parameter `i`. sage: load("final_expo_k57.py") sage: print_final_expo_k57() cost for k=5 i=1: 3p + 1c + 7M + 3T cost for k=5 i=2: 1I + 3p + 1c + 7M + 3T cost for k=5 i=3: 2I + 3p + 1c + 7M + 3T cost for k=5 i=4: 1I + 3p + 1c + 7M + 3T cost for k=7 i=1: 5p + 1c + 11M + 5T cost for k=7 i=2: 1I + 5p + 1c + 11M + 5T cost for k=7 i=3: 1I + 5p + 1c + 11M + 5T cost for k=7 i=4: 2I + 5p + 1c + 11M + 5T cost for k=7 i=5: 2I + 5p + 1c + 11M + 5T cost for k=7 i=6: 1I + 5p + 1c + 11M + 5T For the cases `k=6` and `k=8`, the exact formulas depend on the chosen CM discriminant, and employ further optimizations. Formulas as well as costs, matching those found in §5.2 in the paper, can be obtained as follows: sage: load("final_expo_k68.sage") sage: formulas(6) [lots of output] sage: formulas(8) [lots of output] Computing pairing costs ======================= Tables 5 and 9 in the paper are also generated automatically. The following code can be used. sage: load("cost_pairing.py") sage: table_costFpk([1,2,3,5,6,7,8,12,16]) sage: table_cost_pairing()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment