Research

We show that Montgomery ladders compute pairings as a by-product, and explain how a small adjustment to the ladder results in simple and efficient algorithms for the Weil and Tate pairing on elliptic curves using cubical arithmetic. We demonstrate the efficiency of the resulting cubical pairings in several applications from isogeny-based cryptography. Cubical pairings are simpler and more performant than pairings computed using Miller’s algorithm: we get a speed-up of over 40 per cent for use-cases in SQIsign, and a speed-up of about 7 per cent for use-cases in CSIDH. While these results arise from a deep connection to biextensions and cubical arithmetic, in this article we keep things as concrete (and digestible) as possible. We provide a concise and complete introduction to cubical arithmetic as an appendix.

Published in IACR Communications In Cryptology, Volume 2, no. 2, 2025

Arithmetic on abelian varieties via the use of algebraic theta functions. Algorithms describing the group law, $(2,\dots,2)$-isogenies, pairings. Application of these algorithms on SQIsign2D verification.

SageMath implementation of pairings on genus-2 Jacobians using cubical arithmetic on theta coordinates