LLMpediaThe first transparent, open encyclopedia generated by LLMs

Tate pairing

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Weil pairing Hop 5
Expansion Funnel Raw 60 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted60
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Tate pairing
NameTate pairing
FieldAlgebraic geometry, Number theory, Cryptography
Introduced1960s
Introduced byJohn Tate

Tate pairing The Tate pairing is a bilinear map arising in algebraic number theory, arithmetic geometry, and mathematical cryptography that relates points on elliptic curves or abelian varietys to elements of multiplicative Galois cohomology groups; it is central to duality theorems of John Tate and to pairing-based constructions in public-key cryptography, identity-based encryption, and protocol design. It connects deep results from class field theory, Weil pairing theory, and local field duality with computational techniques used in pairing-based cryptography and implementations on elliptic curve cryptography platforms such as X25519 adaptations and BLS signature schemes. The pairing's algebraic definition, cohomological interpretation, and efficient computation have driven research across Iwasawa theory, modular forms, and applied cryptanalysis.

Definition and basic properties

In its classical formulation for an elliptic curve E over a global or local field K, the Tate pairing is a bilinear, alternating, and nondegenerate pairing between torsion subgroups of E(K) and a Galois cohomology group: it takes values in the multiplicative group of a finite extension of K modulo mth powers for a positive integer m, and satisfies functoriality under field extension maps, norm maps, and Galois action. The construction uses the duality principles developed by John Tate in his work on Tate duality and on the cohomology of discrete valuation rings, building on classical results such as the Weil pairing for principal polarizations on Jacobians of curves and the local duality theorems of Serre and Tate. Important formal properties include bilinearity, alternation (when specialized to self-pairing on m-torsion), compatibility with the connecting homomorphism in the Kummer sequence, and functorial behavior with respect to pushforward and pullback along isogenies of abelian varietys.

Construction and mathematical background

The modern construction uses the Kummer exact sequence, étale cohomology, and the identification of H^1(K,E[m]) with twisted torsors under E[m]; one composes the connecting homomorphism with the cup product and the local or global invariant map from H^2 to the Brauer group or to Q/Z to obtain a scalar invariant. This approach rests on tools from étale cohomology, Galois cohomology, and the theory of Picard groups and Néron models, as developed in foundational work by Alexander Grothendieck, Jean-Pierre Serre, and John Tate; it also interfaces with the theory of Weil pairing, Poitou–Tate duality, and Cassels–Tate pairing constructions on the Shafarevich–Tate group. Over finite fields, the Tate pairing can be presented using divisor classes, functions on curves, and local evaluations at places, invoking the Weil reciprocity law familiar from Riemann–Roch theorem contexts and from explicit formulas used in Heegner point computations.

Computation and algorithms

Practical computation on elliptic curves over finite fields uses Miller's algorithm combined with final exponentiation to move from a value in a multiplicative extension field to an element of the target subgroup; Miller's algorithm was introduced in an algorithmic number theory context and adapted for pairings in the literature on cryptography and elliptic curve implementation. Optimizations exploit curve models such as Weierstrass equation forms, Montgomery curve models, and Edwards curve forms, and leverage efficient arithmetic in extension fields built via polynomial basis or normal basis representations; further speedups come from choosing pairing-friendly curves like Barreto–Naehrig and Kachisa–Schaefer–Scott families and from loop-shortening techniques such as the ate pairing and optimal ate pairing variants. Side-channel countermeasures and constant-time implementations draw on standards from National Institute of Standards and Technology and practice in hardware accelerator design.

Applications in cryptography

The Tate pairing underpins many pairing-based cryptographic protocols, enabling constructions of identity-based encryption systems originally proposed by Adi Shamir and later realized using bilinear maps in schemes by Dan Boneh and Matt Franklin; it also enables short signatures like Boneh–Lynn–Shacham signatures and threshold protocols in distributed systems such as blockchain consensus proposals. It is used in building functional primitives including attribute-based encryption and in constructing non-interactive proofs and multi-party key agreement protocols studied in the applied cryptography literature associated with Internet Engineering Task Force drafts and industry implementations. Security of these applications depends on hardness assumptions such as the Bilinear Diffie–Hellman problem and variants of discrete logarithm assumptions in groups of prime order chosen via pairing-friendly curve parameterizations.

Examples and special cases

Concrete examples include the Tate pairing on m-torsion of elliptic curves defined over finite fields F_q, where evaluation reduces to function evaluation at divisor representatives and exponentiation by (q^k−1)/m for embedding degree k; common explicit families used in practice are Barreto–Naehrig curves with k=12 and MNT curve families with small embedding degrees. Over local fields like Q_p, the pairing relates local points on elliptic curves to local class field theory invariants, while over global fields it factors through adelic and idelic constructions appearing in Tate's thesis and in the study of L-functions and the Birch and Swinnerton-Dyer conjecture framework.

Variants and generalizations

Generalizations include pairings on higher-dimensional abelian varietys, pairings derived from the Weil pairing on Jacobians of higher-genus curves, and cohomological pairings appearing in Poitou–Tate duality and in the study of the Cassels–Tate pairing on the Shafarevich–Tate group of an abelian variety. Algorithmic variants used in cryptography include the ate pairing, optimal ate pairing, twisted Tate pairing, and distortions maps for supersingular curves, while number-theoretic generalizations connect to Brauer group pairings, reciprocity laws in class field theory, and dualities explored in Iwasawa theory and motivic cohomology.

Category:Number theory