Paper 2025/672
Simpler and Faster Pairings from the Montgomery Ladder
, NCC Group, University of Bristol, KU Leuven, Inria Bordeaux - Sud-Ouest Research Centre, Institut de Mathématiques de Bordeaux, Technical University of Munich, Inria Saclay - Île-de-France Research Centre, Computer Science Laboratory of the École Polytechnique, French National Centre for Scientific Research, Institut Polytechnique de Paris, École PolytechniqueAbstract
We show that Montgomery ladders compute pairings as a by-product, and explain how a small adjustment to the ladder results in simple and efficient algorithms for the Weil and Tate pairing on elliptic curves using cubical arithmetic. We demonstrate the efficiency of the resulting cubical pairings in several applications from isogeny-based cryptography. Cubical pairings are simpler and more performant than pairings computed using Miller's algorithm: we get a speed-up of over 40% for use-cases in SQIsign, and a speed-up of about 7% for use-cases in CSIDH. While these results arise from a deep connection to biextensions and cubical arithmetic, in this article we keep things as concrete (and digestible) as possible. We provide a concise and complete introduction to cubical arithmetic as an appendix.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- pairingselliptic curvesisogeny-based cryptography
- Contact author(s)
-
giacomopope @ gmail com
crypto krijn @ gmail com
damien robert @ inria fr
alessandro sferlazza @ tum de
smith @ lix polytechnique fr - History
- 2025-04-15: approved
- 2025-04-14: received
- See all versions
- Short URL
- https://ia.cr/2025/672
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/672,
author = {Giacomo Pope and Krijn Reijnders and Damien Robert and Alessandro Sferlazza and Benjamin Smith},
title = {Simpler and Faster Pairings from the Montgomery Ladder},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/672},
year = {2025},
url = {https://eprint.iacr.org/2025/672}
}
