ABSTRACT

This chapter discusses the pseudo-code of algorithms for scalar multiplications and exponentiations in the three pairing groups. Algorithms to compute cryptographic pairings involve computations on elements in all three pairing groups, G1, G2, and GT. However, protocols often compute only a single pairing operation but need to compute many operations in any or all of the groups. A given scalar is decomposed into two scalars of roughly half the size of the original one. The Gallant-Lambert-Vanstone method relies on endomorphisms that arise from E having complex multiplication by an order of small discriminant, i.e., endomorphisms that are specific to the special shape of the curve and that are unrelated to the Frobenius endomorphism.
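The scalar decomposition mentioned above, as an added example that is not code from the chapter: it splits k into k1 + k2*lam (mod r) using a short lattice basis obtained from the extended Euclidean algorithm. Assumptions: the endomorphism acts on the group as multiplication by lam, a root of x^2 + x + 1 modulo r (the j-invariant 0 case), and the secp256k1 group order stands in for r only because it is a well-known prime congruent to 1 modulo 3; all function names are illustrative.

```python
# Assumption: secp256k1's group order serves as a well-known prime r with r ≡ 1 (mod 3).
R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def cube_root_of_unity(r):
    """Return lam != 1 with lam^2 + lam + 1 ≡ 0 (mod r); r must be a prime ≡ 1 (mod 3)."""
    for g in range(2, 64):
        lam = pow(g, (r - 1) // 3, r)
        if lam != 1:
            return lam
    raise ValueError("no primitive cube root of unity found")

def short_basis(r, lam):
    """Two short vectors (a, b) with a + b*lam ≡ 0 (mod r), from extended Euclid."""
    seq = [(r, 0), (lam, 1)]              # invariant: rem ≡ t*lam (mod r)
    while seq[-1][0] != 0:
        (r0, t0), (r1, t1) = seq[-2], seq[-1]
        q = r0 // r1
        seq.append((r0 - q * r1, t0 - q * t1))
    # l = last index whose remainder is still at least sqrt(r)
    l = max(i for i, (rem, _) in enumerate(seq) if rem * rem >= r)
    v1 = (seq[l + 1][0], -seq[l + 1][1])
    v2 = min(((seq[i][0], -seq[i][1]) for i in (l, l + 2)),
             key=lambda v: v[0] ** 2 + v[1] ** 2)
    return v1, v2

def round_div(a, d):
    """Nearest integer to a/d using exact integer arithmetic."""
    if d < 0:
        a, d = -a, -d
    return (2 * a + d) // (2 * d)

def glv_decompose(k, r, lam):
    """Return (k1, k2) with k ≡ k1 + k2*lam (mod r) and |k1|, |k2| about sqrt(r)."""
    (a1, b1), (a2, b2) = short_basis(r, lam)
    det = a1 * b2 - a2 * b1               # equals +r or -r
    c1 = round_div(k * b2, det)           # (k, 0) ≈ c1*v1 + c2*v2
    c2 = round_div(-k * b1, det)
    return k - c1 * a1 - c2 * a2, -c1 * b1 - c2 * b2

if __name__ == "__main__":
    lam = cube_root_of_unity(R)
    # Constructed sample scalar, not taken from the chapter.
    k = 0x1F2E3D4C5B6A79880123456789ABCDEF0FEDCBA9876543211122334455667788
    k1, k2 = glv_decompose(k, R, lam)
    assert (k1 + k2 * lam - k) % R == 0
    print(k.bit_length(), abs(k1).bit_length(), abs(k2).bit_length())
```

With P a point of order r and phi the endomorphism, kP is then computed as k1*P + k2*phi(P), which a simultaneous double-and-add evaluates in about half the doublings of a plain scalar multiplication.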