Part 3: Pairings

Chapters 13 to 19 use the subroutines from chapters 2 through 12 to develop the code required to compute elliptic curve pairings of points on field extensions. The code to compute pairings used in blockchain technology is the goal of this last part.

Now that we have the background of elliptic curves over field extensions under our belts, we can begin to tackle the pairing of points on field extension curves. Knowing how to compute pairings will allow us to verify aggregated signatures from multiple people, so only one test is performed to determine the validity of a signature. It will also give us the ability to compute zero-knowledge proofs using state-of-the-art protocols.

The pairing of two points of order n on an elliptic curve is a form of multiplication. The result of the operation is just a field element. The field element has the special property of being an n^th root of unity. So if r is the result of a pairing, rⁿ = 1. That is what makes elliptic curve pairing such a useful one-way trap door function. Given r and one of the points in the pairing, you cannot find the other point.