bls48 is an Optimal Ate Pairing(OAP) on BLS Curve implementation in C++. This implementation is based on the drafts below;
- Y. Kiyomura, et al. "Secure and Eifficient Pairing at 256-Bit Secure Level" (2017)
- C. Costello, K. Lauter, M. Naehrig, "Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings." (2011)
- draft-by-Kato(not submitted)
Furthermore, this implementation uses libsnark library.
- https://github.com/scipr-lab/libsnark/tree/deprecated-master (branch : deprecated-master)
We are motivated by the security consideration for pairing on any curve give by T. Kim.
- T. Kim et al. "The extended tower number field sieve: A new complexity for the medium prime case. In Advances in Cryptology", (2016).
Kim's attack made us to update the security parameters or to use alternative curves in OAP. BLS-48 cuerve is one of the pairing friendly curves, and recommended parameters for realizing 256-bit security is written in [Kiyomura].
This implementation relies on the following:
- C++ build environment
- GMP for certain bit-integer arithmetic
- libprocps for reporting memory usage
- GTest for some of the unit tests
We have tested these only Linux so far(Ubuntu14.04). For example, on a fresh install of Ubuntu 14.04, install the following packages:
$ sudo apt-get install build-essential git libgmp3-dev libprocps3-dev libgtest-dev python-markdown libboost-all-dev libssl-dev
In the case of Ubuntu 16.04, install the following packages:
$ sudo apt-get install build-essential git libgmp3-dev libprocps4-dev libgtest-dev python-markdown libboost-all-dev libssl-dev
Then, to compile, run:
$ make
- Ubuntu14.04 Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz, 4 cores RAM 8GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 0.08[ms] | 2.32[ms] |
| Scalar Multiplication on G2 | 1.11[ms] | 160.09[ms] |
| Pairing | 2.81[ms] | 509[ms] |
- Ubuntu16.04 Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz, 8 cores RAM 24GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 0.06[ms] | 3.05[ms] |
| Scalar Multiplication on G2 | 1.24[ms] | 230.61[ms] |
| Pairing | 4.05[ms] | 740.69[ms] |
- Raspberry Pi 3 model B Linux devuan 4.6.3-gb48d47a(64bit OS) CPU Cortex-A53 ARMv8 64bit @ 1.2GHz, 4 cores RAM 1GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 6.68[ms] | 41.15[ms] |
| Scalar Multiplication on G2 | 24.23[ms] | 2643.23[ms] |
| Pairing | 58[ms] | 8549.02[ms] |
- Raspberry Pi model B Ubuntu16.04.2 LTS xenial(32bit OS) CPU Cortex-A53 ARMv8 64bit @ 1.2GHz, 4 cores RAM 1GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 5.39[ms] | 38.42[ms] |
| Scalar Multiplication on G2 | 21.81[ms] | 2660.55[ms] |
| Pairing | 53.03[ms] | 8585.53[ms] |
- Mac Mac OS Sierra Intel Core i7 @ 3.5 GHz, 2 cores RAM 16 GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 0[ms] | 1.07[ms] |
| Scalar Multiplication on G2 | 0.14[ms] | 112.86[ms] |
| Pairing | 2.11[ms] | 373.02[ms] |
- Windows (Using MSYS2) Windows10 Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz, 4 cores RAM 16 GB
| Security Level | 100 | 256 |
| Curve Parameter | BN256 | BLS48 |
| Scalar Multiplication on G1 | 0[ms] | 1.5[ms] |
| Scalar Multiplication on G2 | 0.9[ms] | 127.74[ms] |
| Pairing | 2.25[ms] | 409.8[ms] |