Pairing

In mathematics, a pairing is an R-bilinear map of modules, where R is the underlying ring.

Definition

Let R be a commutative ring with unity, and let M, N and L be three R-modules.

A pairing is any R-bilinear map $e:M\times N\to L$ . That is, it satisfies

$e(r\cdot m,n)=e(m,r\cdot n)=r\cdot e(m,n)$ ,
$e(m_{1}+m_{2},n)=e(m_{1},n)+e(m_{2},n)$ and $e(m,n_{1}+n_{2})=e(m,n_{1})+e(m,n_{2})$ for any $r\in R$ and any $m,m_{1},m_{2}\in M$ and any $n,n_{1},n_{2}\in N$ . Or equivalently, a pairing is an R-linear map

$M\otimes _{R}N\to L$ where $M\otimes _{R}N$ denotes the tensor product of M and N.

A pairing can also be considered as an R-linear map $\Phi :M\to \operatorname {Hom} _{R}(N,L)$ , which matches the first definition by setting $\Phi (m)(n):=e(m,n)$ .

A pairing is called perfect if the above map $\Phi$ is an isomorphism of R-modules.

A pairing is called non-degenerate if for the above map we have that $e(m,n)=0$ for all $m$ implies $n=0$ .

A pairing is called alternating if $N=M$ and for the above map we have $e(m,m)=0$ for all m.

Examples

Any scalar product on a real vector space V is a pairing (set M = N = V, R = R in the above definitions).

The determinant map (2 × 2 matrices over k) → k can be seen as a pairing $k^{2}\times k^{2}\to k$ .

The Hopf map $S^{3}\to S^{2}$ written as $h:S^{2}\times S^{2}\to S^{2}$ is an example of a pairing. In  for instance, Hardie et al. present an explicit construction of the map using poset models.

Pairings in cryptography

In cryptography, often the following specialized definition is used:

Let $\textstyle G_{1},G_{2}$ be additive groups and $\textstyle G_{T}$ a multiplicative group, all of prime order $\textstyle p,q$ . Let $\textstyle P\in G_{1},Q\in G_{2}$ be generators of $\textstyle G_{1}$ and $\textstyle G_{2}$ respectively.

A pairing is a map: $e:G_{1}\times G_{2}\rightarrow G_{T}$ for which the following holds:

1. Bilinearity: $\textstyle \forall a,b\in \mathbb {Z} :\ e\left(aP,bQ\right)=e\left(P,Q\right)^{ab}$ 2. Non-degeneracy: $\textstyle e\left(P,Q\right)\neq 1$ 3. For practical purposes, $\textstyle e$ has to be computable in an efficient manner

Note that it is also common in cryptographic literature for all groups to be written in multiplicative notation.

In cases when $\textstyle G_{1}=G_{2}=G$ , the pairing is called symmetric. As $\textstyle G$ is cyclic, the map $e$ will be commutative; that is, for any $P,Q\in G$ , we have $e(P,Q)=e(Q,P)$ . This is because for a generator $g\in G$ , there exist integers $p$ , $q$ such that $P=g^{p}$ and $Q=g^{q}$ . Therefore $e(P,Q)=e(g^{p},g^{q})=e(g,g)^{pq}=e(g^{q},g^{p})=e(Q,P)$ .

The Weil pairing is an important pairing in elliptic curve cryptography; e.g., it may be used to attack certain elliptic curves (see MOV attack). It and other pairings have been used to develop identity-based encryption schemes.

Types of pairing

There are four types of pairing. More is needed here to explain each type.

Slightly different usages of the notion of pairing

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear. For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.