Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves

In this paper, the authors presents a novel optimal pairing over supersingular genus-2 binary hyperelliptic curves. Starting from Vercauteren's work on optimal pairings, they describe how to exploit the action of the 23m-th power Verschiebung in order to further reduce the loop length of Miller's algorithm compared to the genus-2 nT approach. As a proof of concept, they detail an optimized software implementation and an FPGA accelerator for computing the proposed optimal Eta pairing on a genus-2 hyperelliptic curve over F2367, which satisfies the recommended security level of 128 bits.