ABSTRACT
This chapter discusses the survey the main methods used for generating elliptic curves suitable for pairing-based cryptography. Pairing-based cryptosystems require elliptic curves that are secure and enable efficient pairing computation. It turns out that, for a random elliptic curve, these two conditions are rarely both satisfied. The best-known algorithm for discrete logarithm computation on elliptic curves is the parallelized Pollard rho algorithm, which has a running time. On the other hand, the best known algorithms for discrete logarithm computation in finite fields are index calculus attacks, which have a running time subexponential in the field size. Notice that index calculus attacks have recently been improved and are likely to get more efficient in the near future.
