From Wikipedia, the free encyclopedia

In mathematics, a pairing is an R-bilinear map from the Cartesian product of two R-modules, where the underlying ring R is commutative.


Let R be a commutative ring with unit, and let M, N and L be R-modules.

A pairing is any R-bilinear map . That is, it satisfies


for any and any and any . Equivalently, a pairing is an R-linear map

where denotes the tensor product of M and N.

A pairing can also be considered as an R-linear map , which matches the first definition by setting .

A pairing is called perfect if the above map is an isomorphism of R-modules.

A pairing is called non-degenerate on the right if for the above map we have that for all implies ; similarly, is called non-degenerate on the left if for all implies .

A pairing is called alternating if and for all m. In particular, this implies , while bilinearity shows . Thus, for an alternating pairing, .


Any scalar product on a real vector space V is a pairing (set M = N = V, R = R in the above definitions).

The determinant map (2 × 2 matrices over k) → k can be seen as a pairing .

The Hopf map written as is an example of a pairing. For instance, Hardie et al.[1] present an explicit construction of the map using poset models.

Pairings in cryptography[edit]

In cryptography, often the following specialized definition is used:[2]

Let be additive groups and a multiplicative group, all of prime order . Let be generators of and respectively.

A pairing is a map:

for which the following holds:

  1. Bilinearity:
  2. Non-degeneracy:
  3. For practical purposes, has to be computable in an efficient manner

Note that it is also common in cryptographic literature for all groups to be written in multiplicative notation.

In cases when , the pairing is called symmetric. As is cyclic, the map will be commutative; that is, for any , we have . This is because for a generator , there exist integers , such that and . Therefore .

The Weil pairing is an important concept in elliptic curve cryptography; e.g., it may be used to attack certain elliptic curves (see MOV attack). It and other pairings have been used to develop identity-based encryption schemes.

Slightly different usages of the notion of pairing[edit]

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear. For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.

See also[edit]


  1. ^ Hardie K.A.1; Vermeulen J.J.C.; Witbooi P.J., A nontrivial pairing of finite T0 spaces, Topology and its Applications, Volume 125, Number 3, 20 November 2002 , pp. 533–542.
  2. ^ Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, SIAM J. of Computing, Vol. 32, No. 3, pp. 586–615, 2003.

External links[edit]