Does relic support the symmetric pairing?

[YWRtaW4]

If I want to implement a protocol with symmetric pairing at the AES-80 security level, I would like to know how to achieve this with relic. Thanks.

[YWRtaW4]

I know little about symmetric pairing, and I try with pp_map_weilp_k2() and pp_map_tatep_k2(). It seems that the Weil pairing is symmetric while the Tate pairing is asymmetric. As far as I know, asymmetirc pairings such as the Optimal Ate pairing are defined on the 12-th extension field, but the output of Weil or Tate pairing is fp2_t. Could you please explain to me why Weil/Tate pairings are defined on the 2-th extension field in the case of symmetric? Please correct me if I misunderstand. And does that mean I can achieve the 128-bit security level with FP_PRIME=256 in pp_map_weilp_k2()?

[YWRtaW4]

I run e(aP,Q)e(bP,Q) with pp_map_weilp_k2() under BN_P256 curve, and it turns out that the result is not equal to e(aP+b*P,Q) which should be equal according to the bilinearity of pairings.

And the cmake that I use is cmake -DWSIZE=64 -DCHECK=off -DVERBS=off -DARITH=gmp -DFP_PRIME=256 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DMD_METHD=SH256 -DEP_ENDOM=on -DEP_PLAIN=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;WEILP" $1

[YWRtaW4]

I've fixed my problem.

[dfaranha]

Hi, I'm late to the game, but you should use FP_PRIME=1536 to access the Type-1 pairing implementation contained in RELIC.

[YWRtaW4]

Yes, I've done as you said and got the desired result. Thank you for your reply! And RELIC is fantanstic! :)