Commit 32c9fea8 authored by Emmanuel Thomé's avatar Emmanuel Thomé

reorder README

parent 0c5398bb
......@@ -5,15 +5,59 @@ Cocks--Pinch curves with embedding degree 5 to 8 and optimal ate pairing
This repository holds companion code for the paper.
We provide code for the following tasks.
* Search for pairing-friendly curves with our Cocks-Pinch variant; see
"Using the search program")
* Generate tables with estimated costs of pairing computations for
various embedding degrees. See "Computing pairing costs"
* Generate formulas for efficient computation of final exponentiations
when k is either 5 or 7 (see file `final_expo_k57.py`) or 6 or 8
(`final_expo_k68.sage`). For all four cases, see also the section
"Formulas for final exponentiation" in this file.
* Generate tables with estimated costs of pairing computations for
various embedding degrees. See "Computing pairing costs"
* Search for pairing-friendly curves with our Cocks-Pinch variant; see
"Using the search program".
Computing pairing costs
=======================
Tables 5 and 9 in the paper are also generated automatically. The
following code can be used.
sage: load("cost_pairing.py")
sage: table_costFpk([1,2,3,5,6,7,8,12,16])
sage: table_cost_pairing()
Formulas for final exponentiation
=================================
This corresponds to §5.2 of the paper.
For the cases `k=5` and `k=7`, the file `final_expo_k57.py` contains
explicit formulas that reach the upper bound claimed in §5.2 in the
paper.
To reproduce this, one does as follows. Notice that the number of
inversions depends on the parameter `i`.
sage: load("final_expo_k57.py")
sage: print_final_expo_k57()
cost for k=5 i=1: 3p + 1c + 7M + 3T
cost for k=5 i=2: 1I + 3p + 1c + 7M + 3T
cost for k=5 i=3: 2I + 3p + 1c + 7M + 3T
cost for k=5 i=4: 1I + 3p + 1c + 7M + 3T
cost for k=7 i=1: 5p + 1c + 11M + 5T
cost for k=7 i=2: 1I + 5p + 1c + 11M + 5T
cost for k=7 i=3: 1I + 5p + 1c + 11M + 5T
cost for k=7 i=4: 2I + 5p + 1c + 11M + 5T
cost for k=7 i=5: 2I + 5p + 1c + 11M + 5T
cost for k=7 i=6: 1I + 5p + 1c + 11M + 5T
For the cases `k=6` and `k=8`, the exact formulas depend on the chosen
CM discriminant, and employ further optimizations. Formulas as well as
costs, matching those found in §5.2 in the paper, can be obtained as
follows:
sage: load("final_expo_k68.sage")
sage: formulas(6)
[lots of output]
sage: formulas(8)
[lots of output]
Using the search program
========================
......@@ -581,48 +625,3 @@ Note that the former is naturally preferred because hy has 2-naf weight
only 4.
Formulas for final exponentiation
=================================
This corresponds to §5.2 of the paper.
For the cases `k=5` and `k=7`, the file `final_expo_k57.py` contains
explicit formulas that reach the upper bound claimed in §5.2 in the
paper.
To reproduce this, one does as follows. Notice that the number of
inversions depends on the parameter `i`.
sage: load("final_expo_k57.py")
sage: print_final_expo_k57()
cost for k=5 i=1: 3p + 1c + 7M + 3T
cost for k=5 i=2: 1I + 3p + 1c + 7M + 3T
cost for k=5 i=3: 2I + 3p + 1c + 7M + 3T
cost for k=5 i=4: 1I + 3p + 1c + 7M + 3T
cost for k=7 i=1: 5p + 1c + 11M + 5T
cost for k=7 i=2: 1I + 5p + 1c + 11M + 5T
cost for k=7 i=3: 1I + 5p + 1c + 11M + 5T
cost for k=7 i=4: 2I + 5p + 1c + 11M + 5T
cost for k=7 i=5: 2I + 5p + 1c + 11M + 5T
cost for k=7 i=6: 1I + 5p + 1c + 11M + 5T
For the cases `k=6` and `k=8`, the exact formulas depend on the chosen
CM discriminant, and employ further optimizations. Formulas as well as
costs, matching those found in §5.2 in the paper, can be obtained as
follows:
sage: load("final_expo_k68.sage")
sage: formulas(6)
[lots of output]
sage: formulas(8)
[lots of output]
Computing pairing costs
=======================
Tables 5 and 9 in the paper are also generated automatically. The
following code can be used.
sage: load("cost_pairing.py")
sage: table_costFpk([1,2,3,5,6,7,8,12,16])
sage: table_cost_pairing()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment