(4) Param functions

The following content is taken from the English manual of the PBC Library (Chapter 5).

Summary of this article:

5. Param functions

  • 1.1. Param generation

1. Param functions

Pairings are initialized from pairing parameters, which are objects of type pbc_param_t. Some
applications can ignore this data type because pairing_init_set_str() handles it behind the scenes:
it reads a string as a pbc_param_t, then initializes a pairing with these parameters.

int pbc_param_init_set_str(pbc_param_t par, const char *s)

Initializes pairing parameters from the string s. Returns 0 if successful, 1 otherwise.

int pbc_param_init_set_buf(pbc_param_t par, const char *s, size_t len)

Same, but read at most len bytes. If len is 0, it behaves as the previous function. Returns 0 if successful, 1
otherwise.

void pbc_param_out_str(FILE *stream, pbc_param_t p)

Write pairing parameters to stream in a text format.

void pbc_param_clear(pbc_param_t p)

Clear p. Call after p is no longer needed.



1.1. Param generation

The functions in this section were used to prepare the sample parameters in the param subdirectory.

We label the pairing families with capital letters roughly in the order of discovery, so we can refer to them easily. Type A is fastest. Type D is a good choice when elements should be short but is slower. Type F has even shorter elements but is slower still. The speed differences are hardware-dependent, and also change when preprocessing is used. Type B and C are unimplemented.

The pbc_cm_t data type holds CM parameters that are used to generate type D and G curves.


void pbc_cm_init(pbc_cm_t cm)

Initializes cm.


void pbc_cm_clear(pbc_cm_t cm)

Clears cm.


int pbc_cm_search_d(int (*callback)(pbc_cm_t, void *), void *data, unsigned int D, unsigned int bitlimit)

For a given discriminant D, searches for type D pairings suitable for cryptography (MNT curves of embedding degree 6). The group order is at most bitlimit bits. For each set of CM parameters found, call callback with pbc_cm_t and given void*. If the callback returns nonzero, stops search and returns that value. Otherwise returns 0.


int pbc_cm_search_g(int (*callback)(pbc_cm_t, void *), void *data, unsigned int D, unsigned int bitlimit)

For a given discriminant D, searches for type G pairings suitable for cryptography (Freeman curve). The group order is at most bitlimit bits. For each set of CM parameters found, call callback with pbc_cm_t and given void*. If the callback returns nonzero, stops search and returns that value. Otherwise returns 0.


void pbc_param_init_a_gen(pbc_param_t par, int rbits, int qbits)

Generate type A pairing parameters and store them in par, where the group order r is rbits long, and the order of the base field q is qbits long. Elements take q bits to represent.

To be secure, generic discrete log algorithms must be infeasible in groups of order r, and finite field discrete log algorithms must be infeasible in finite fields of order q^2, e.g. rbits = 160, qbits = 512.

The file param/a.param contains parameters for a type A pairing suitable for cryptographic use.


void pbc_param_init_i_gen(pbc_param_t par, int group_size)

Generate type I pairing parameters and store them in par, where the group order is at least 2^group_size.

To be as secure as 64 bit symmetric encryption, group_size may be 150. To get 128 bit symmetric secure level, group_size may be 696.

The file param/i.param contains parameters for a type I pairing suitable for cryptographic use.


void pbc_param_init_a1_gen(pbc_param_t param, mpz_t n)

Generate type A1 pairing parameters and store them in param. The group order will be n. The order of the base field is a few bits longer. To be secure, generic discrete log algorithms must be infeasible in groups of order n, and finite field discrete log algorithms must be infeasible in finite fields of order roughly n^2. Additionally, n should be hard to factorize.

For example: n a product of two primes, each at least 512 bits.

The file param/a1.param contains sample parameters for a type A1 pairing, but it is only for benchmarking: it is useless without the factorization of n, the order of the group.


void pbc_param_init_d_gen(pbc_param_t p, pbc_cm_t cm)

Type D curves are generated using the complex multiplication (CM) method. This function sets p to type D pairing parameters from CM parameters cm. Other library calls search for appropriate CM parameters and the results can be passed to this function.

To be secure, generic discrete log algorithms must be infeasible in groups of order r, and finite field discrete log algorithms must be infeasible in finite fields of order q^6. For usual CM parameters, r is a few bits smaller than q.

Using type D pairings allows elements of group G1 to be quite short, typically 170 bits. Because of a certain trick, elements of group G2 need only be 3 times longer, that is, about 510 bits rather than 6 times as long. They are not quite as short as type F pairings, but much faster.

I sometimes refer to a type D curve as a triplet of numbers: the discriminant, the number of bits in the prime q, and the number of bits in the prime r. The gen/listmnt program prints these numbers.

Among the bundled type D curve parameters are the curves 9563-201-181, 62003-159-158 and 496659-224-224 which have shortened names param/d201.param, param/d159.param and param/d225.param respectively.

See gen/listmnt.c and gen/gendparam.c for how to generate type D pairing parameters.


void pbc_param_init_e_gen(pbc_param_t p, int rbits, int qbits)

Generate type E pairing parameters and store them in p, where the group order r is rbits long, and the order of the base field q is qbits long. To be secure, generic discrete log algorithms must be infeasible in groups of order r, and finite field discrete log algorithms must be infeasible in finite fields of order q, e.g. rbits = 160, qbits = 1024.

This pairing is just a curiosity: it can be implemented entirely in a field of prime order, that is, only arithmetic modulo a prime is needed and there is never a need to extend a field.

If discrete log in field extensions is found to be substantially easier to solve than previously thought, or discrete log can be solved in elliptic curves as easily as it can be in finite fields, this pairing type may become useful.


void pbc_param_init_f_gen(pbc_param_t p, int bits)

Generate type F pairing parameters and store them in p. Both the group order r and the order of the base field q will be roughly bits-bit numbers.

To be secure, generic discrete log algorithms must be infeasible in groups of order r, and finite field discrete log algorithms must be infeasible in finite fields of order q^12, e.g. bits = 160.

Type F should be used when the top priority is to minimize bandwidth (e.g. short signatures). The current implementation makes them slow.

If finite field discrete log algorithms improve further, type D pairings will have to use larger fields, but type F can still remain short, up to a point.


void pbc_param_init_g_gen(pbc_param_t p, pbc_cm_t cm)

Type G curves are generated using the complex multiplication (CM) method. This function sets p to type G pairing parameters from CM parameters cm. They have embedding degree 10.

To be secure, generic discrete log algorithms must be infeasible in groups of order r, and finite field discrete log algorithms must be infeasible in finite fields of order q^6. For usual CM parameters, r is a few bits smaller than q.

They are quite slow at the moment so for now type F is a better choice.
The file param/g149.param contains parameters for a type G pairing with 149-bit group and field sizes.

— end —
