Pairing

In mathematics, a pairing is an ''R''- bilinear map from the Cartesian product of two ''R''- modules, where the underlying ring ''R'' is commutative.

Definition

Let ''R'' be a commutative ring with unit, and let ''M'', ''N'' and ''L'' be ''R''-modules.

A pairing is any ''R''-bilinear map $e:M \times N \to L$. That is, it satisfies

:$e(r\cdot m,n)=e(m,r \cdot n)=r\cdot e(m,n)$,

:$e(m_1+m_2,n)=e(m_1,n)+e(m_2,n)$ and $e(m,n_1+n_2)=e(m,n_1)+e(m,n_2)$

for any $r \in R$ and any $m,m_1,m_2 \in M$ and any $n,n_1,n_2 \in N$. Equivalently, a pairing is an ''R''-linear map

:$M \otimes_R N \to L$

where $M \otimes_R N$ denotes the tensor product of ''M'' and ''N''.

A pairing can also be considered as an ''R''-linear map
$\Phi : M \to \operatorname_ (N, L)$, which matches the first definition by setting
$\Phi (m) (n) := e(m,n)$.

A pairing is called perfect if the above map $\Phi$ is an isomorphism of ''R''-modules and the other evaluation map $\Phi'\colon N\to \operatorname_(M,L)$ is an isomorphism also. In nice cases, it suffices that just one of these be an isomorphism, e.g. when '' R'' is a field, ''M,N'' are finite dimensional vector spaces and ''L=R''.

A pairing is called non-degenerate on the right if for the above map we have that $e(m,n) = 0$ for all $m$ implies $n=0$; similarly, $e$ is called non-degenerate on the left if $e(m,n) = 0$ for all $n$ implies $m=0$.

A pairing is called alternating if $N=M$ and $e(m,m) = 0$ for all ''m''. In particular, this implies $e(m+n,m+n)=0$, while bilinearity shows $e(m+n,m+n)=e(m,m)+e(m,n)+e(n,m)+e(n,n)=e(m,n)+e(n,m)$. Thus, for an alternating pairing, $e(m,n)=-e(n,m)$.

Examples

Any scalar product on a real vector space ''V'' is a pairing (set , in the above definitions).

The determinant map (2 × 2 matrices over ''k'') → ''k'' can be seen as a pairing $k^2 \times k^2 \to k$.

The Hopf map $S^3 \to S^2$ written as $h:S^2 \times S^2 \to S^2$ is an example of a pairing. For instance, Hardie et al. present an explicit construction of the map using poset models.

Pairings in cryptography

In cryptography, often the following specialized definition is used:Dan Boneh, Matthew K. Franklin
Identity-Based Encryption from the Weil Pairing
SIAM J. of Computing, Vol. 32, No. 3, pp. 586–615, 2003.

Let $\textstyle G_1, G_2$ be additive groups and $\textstyle G_T$ a multiplicative group, all of prime order $\textstyle p$. Let $\textstyle P \in G_1, Q \in G_2$ be generators of $\textstyle G_1$ and $\textstyle G_2$ respectively.

A pairing is a map: $e: G_1 \times G_2 \rightarrow G_T$

for which the following holds:
# Bilinearity: $\textstyle \forall a,b \in \mathbb:\ e\left(aP, bQ\right) = e\left(P, Q\right)^$
# Non-degeneracy: $\textstyle e\left(P, Q\right) \neq 1$
# For practical purposes, $\textstyle e$ has to be computable in an efficient manner

Note that it is also common in cryptographic literature for all groups to be written in multiplicative notation.

In cases when $\textstyle G_1 = G_2 = G$, the pairing is called symmetric. As $\textstyle G$ is cyclic, the map $e$ will be commutative; that is, for any $P,Q \in G$, we have $e(P,Q) = e(Q,P)$. This is because for a generator $g \in G$, there exist integers $p$, $q$ such that $P = g^p$ and $Q=g^q$. Therefore $e(P,Q) = e(g^p,g^q) = e(g,g)^ = e(g^q, g^p) = e(Q,P)$.

The Weil pairing is an important concept in elliptic curve cryptography; e.g., it may be used to attack certain elliptic curves (se
MOV attack
. It and other pairings have been used to develop identity-based encryption schemes.

Slightly different usages of the notion of pairing

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear.
For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.

See also

* Dual system
* Yoneda product

References

External links

The Pairing-Based Crypto Library
{{Use dmy dates, date=September 2016

Linear algebra
Module theory
Pairing-based cryptography
Abstract algebra