Weil pairing is widely used in encryption,decryption,signature,cryptographic exchange and cryp-tosystem security analysis.In 1993,Menezes et al.used Weil pairing to effectively reduce the discrete logarithm of a supersingular elliptic curve to the discrete logarithm over a finite field,so the elliptic curve cryptosystem based on Weil pairing was seriously challenged.However,the application of elliptic curve cryptosystem based on Weil pairing has not stopped.For this reason,the characteristics of elliptic curves suitable for Weil pairing are analyzed,and it is pointed out that the elliptic curves suitable for Weil pairing are curves with binary cyclic group structure,and the hypersingular elliptic curves with monadic group structure can be constructed by means of embedding degree.At the same time,in order to facilitate the understanding of the implementation of Weil pairing,common elliptic curves suitable for Weil pairing safety are listed.Finally,we focus on the implementation process of MOV attack with even embedding degree of supersingular elliptic curve,verify the analysis results by using PARI software,and point out the design flaws of PARI and SageMath software.
维普
万方数据