Crypto Wiki

Template:About The concept of pairing treated here occurs in mathematics.


Let R be a commutative ring with unity, and let M, N and L be three R-modules.

A pairing is any R-bilinear map . That is, it satisfies


for any and any and any . Or equivalently, a pairing is an R-linear map

where denotes the tensor product of M and N.

A pairing can also be considered as an R-linear map , which matches the first definition by setting .

A pairing is called perfect if the above map is an isomorphism of R-modules.

A pairing is called alternating if for the above map we have .

A pairing is called non-degenerate if for the above map we have that for all implies .


Any scalar product on a real vector space V is a pairing (set M = N = V, R = R in the above definitions).

The determinant map (2 × 2 matrices over k) → k can be seen as a pairing .

The Hopf map written as is an example of a pairing. In [1] for instance, Hardie et al. present an explicit construction of the map using poset models.

Pairings in cryptography[]

In cryptography, often the following specialized definition is used [2]:

Let be an additive and a multiplicative group both of prime order . Let be generators .

A pairing is a map:

for which the following holds:

  1. Bilinearity:
  2. Non-degeneracy:
  3. For practical purposes, has to be computable in an efficient manner

Note that is also common in cryptographic literature for both groups to be written in multiplicative notation.

The Weil pairing is a pairing important in elliptic curve cryptography, e.g. it may be used to attack certain elliptic curves (see MOV attack). It and other pairings have been used to develop identity-based encryption schemes.

Slightly different usages of the notion of pairing[]

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear. For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.


  1. A nontrivial pairing of finite T0 spaces Authors: Hardie K.A.1; Vermeulen J.J.C.; Witbooi P.J. Source: Topology and its Applications, Volume 125, Number 3, 20 November 2002 , pp. 533-542(10)
  2. Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing Advances in Cryptology - Proceedings of CRYPTO 2001 (2001)

External links[]

Template:Use dmy dates

es:Emparejamiento de:Bilineare Abbildung