> On 18 Aug 2018, at 15:10, Michael Scott <mike.sc...@miracl.com> wrote: > I really don't expect any other cycles to be found, outside the simple MNT > case. The search for pairing-friendly curves is I suspect largely complete at > this stage.
Interesting. It looks like the authors estimated an 80 bit security level for the curve cycle they explored/recommended. If I understand, the more recent NFS improvements that impact BN curves do not impact these MNT curves much, as folks had unrelated concerns about their security that were already incorporated. https://ellipticnews.wordpress.com/2016/05/02/kim-barbulescu-variant-of-the-number-field-sieve-to-compute-discrete-logarithms-in-finite-fields/ > On Sat, Aug 18, 2018 at 1:29 PM Jeff Burdges <burd...@gnunet.org> wrote: > > Is anyone actively working on cycles of pairing friendly elliptic curves? > > In other words, each curve’s field of definition is the scalar field of it’s > predecessor, which makes recursive composition of SNARKs not totally insane: > https://www.iacr.org/archive/crypto2014/86160202/86160202.pdf > > I’d think you’d want to explore a lot of possible optimisations beyond that > paper before trying to use something like this, so maybe someone has tried? > > In practice, I’m unsure if recursively composed SNARKs really give you much > since, if you want to add a SNARK layer, then you still need access to some > large database, but.. that discussion might veer off topic for here. > > Best, > Jeff > > p.s. We’re hiring cryptographers at the web 3 foundation : > https://web3.foundation/jobs > > _______________________________________________ > Curves mailing list > Curves@moderncrypto.org > https://moderncrypto.org/mailman/listinfo/curves > _______________________________________________ > Curves mailing list > Curves@moderncrypto.org > https://moderncrypto.org/mailman/listinfo/curves
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves
