Advertisement

Template:About The concept of pairing treated here occurs in mathematics.

## Definition

Let R be a commutative ring with unity, and let M, N and L be three R-modules.

A pairing is any R-bilinear map ${\displaystyle e:M \times N \to L}$. That is, it satisfies

${\displaystyle e(rm,n)=e(m,rn)=re(m,n)}$,
${\displaystyle e(m_1+m_2,n)=e(m_1,n)+e(m_2,n)}$ and ${\displaystyle e(m,n_1+n_2)=e(m,n_1)+e(m,n_2)}$

for any ${\displaystyle r \in R}$ and any ${\displaystyle m,m_1,m_2 \in M}$ and any ${\displaystyle n,n_1,n_2 \in N }$. Or equivalently, a pairing is an R-linear map

${\displaystyle M \otimes_R N \to L}$

where ${\displaystyle M \otimes_R N}$ denotes the tensor product of M and N.

A pairing can also be considered as an R-linear map ${\displaystyle \Phi : M \to \operatorname{Hom}_{R} (N, L) }$, which matches the first definition by setting ${\displaystyle \Phi (m) (n) := e(m,n) }$.

A pairing is called perfect if the above map ${\displaystyle \Phi}$ is an isomorphism of R-modules.

A pairing is called alternating if for the above map we have ${\displaystyle e(m,m) = 0 }$.

A pairing is called non-degenerate if for the above map we have that ${\displaystyle e(m,n) = 0 }$ for all ${\displaystyle m}$ implies ${\displaystyle n=0}$.

## Examples

Any scalar product on a real vector space V is a pairing (set M = N = V, R = R in the above definitions).

The determinant map (2 × 2 matrices over k) → k can be seen as a pairing ${\displaystyle k^2 \times k^2 \to k}$.

The Hopf map ${\displaystyle S^3 \to S^2}$ written as ${\displaystyle h:S^2 \times S^2 \to S^2 }$ is an example of a pairing. In [1] for instance, Hardie et al. present an explicit construction of the map using poset models.

## Pairings in cryptography

In cryptography, often the following specialized definition is used [2]:

Let ${\displaystyle \textstyle G_1}$ be an additive and ${\displaystyle \textstyle G_2}$ a multiplicative group both of prime order ${\displaystyle \textstyle p}$. Let ${\displaystyle \textstyle P, Q}$ be generators ${\displaystyle \textstyle \in G_1}$.

A pairing is a map: ${\displaystyle e: G_1 \times G_1 \rightarrow G_2 }$

for which the following holds:

1. Bilinearity: ${\displaystyle \textstyle \forall P,Q \in G_1,\, a,b \in \mathbb{Z}_p^*:\ e\left(aP, bQ\right) = e\left(P, Q\right)^{ab}}$
2. Non-degeneracy: ${\displaystyle \textstyle \forall P \in G_1,\,P \neq \infty:\ e\left(P, P\right) \neq 1}$
3. For practical purposes, ${\displaystyle \textstyle e}$ has to be computable in an efficient manner

Note that is also common in cryptographic literature for both groups to be written in multiplicative notation.

The Weil pairing is a pairing important in elliptic curve cryptography, e.g. it may be used to attack certain elliptic curves (see MOV attack). It and other pairings have been used to develop identity-based encryption schemes.

## Slightly different usages of the notion of pairing

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear. For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.

## References

1. A nontrivial pairing of finite T0 spaces Authors: Hardie K.A.1; Vermeulen J.J.C.; Witbooi P.J. Source: Topology and its Applications, Volume 125, Number 3, 20 November 2002 , pp. 533-542(10)
2. Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing Advances in Cryptology - Proceedings of CRYPTO 2001 (2001)
Advertisement