Pairing

In mathematics, a pairing is an R-bilinear map from the Cartesian product of two R-modules, where the underlying ring R is commutative.

Let R be a commutative ring with unit, and let M, N and L be R-modules.

A pairing is any R-bilinear map ${\displaystyle e:M\times N\to L}$. That is, it satisfies

${\displaystyle e(r\cdot m,n)=e(m,r\cdot n)=r\cdot e(m,n)}$,

${\displaystyle e(m_1+m_2,n)=e(m_1,n)+e(m_2,n)}$ and ${\displaystyle e(m,n_1+n_2)=e(m,n_1)+e(m,n_2)}$

for any ${\displaystyle r\in R}$ and any ${\displaystyle m,m_1,m_2\in M}$ and any ${\displaystyle n,n_1,n_2\in N}$. Equivalently, a pairing is an R-linear map

${\displaystyle M{\otimes }_{R}N\to L}$

where ${\displaystyle M{\otimes }_{R}N}$ denotes the tensor product of M and N.

A pairing can also be considered as an R-linear map ${\displaystyle \Phi :M\to {\mathrm{Hom}}_R(N,L)}$, which matches the first definition by setting ${\displaystyle \Phi (m)(n):=e(m,n)}$.

A pairing is called perfect if the above map ${\displaystyle \Phi }$ is an isomorphism of R-modules and the other evaluation map ${\displaystyle {\Phi }^{\prime }:N\to {\mathrm{Hom}}_R(M,L)}$ is an isomorphism also. In nice cases, it suffices that just one of these be an isomorphism, e.g. when R is a field, M,N are finite dimensional vector spaces and L=R.

A pairing is called non-degenerate on the right if for the above map we have that ${\displaystyle e(m,n)=0}$ for all ${\displaystyle m}$ implies ${\displaystyle n=0}$; similarly, ${\displaystyle e}$ is called non-degenerate on the left if ${\displaystyle e(m,n)=0}$ for all ${\displaystyle n}$ implies ${\displaystyle m=0}$.

A pairing is called alternating if ${\displaystyle N=M}$ and ${\displaystyle e(m,m)=0}$ for all m. In particular, this implies ${\displaystyle e(m+n,m+n)=0}$, while bilinearity shows ${\displaystyle e(m+n,m+n)=e(m,m)+e(m,n)+e(n,m)+e(n,n)=e(m,n)+e(n,m)}$. Thus, for an alternating pairing, ${\displaystyle e(m,n)=-e(n,m)}$.

Any scalar product on a real vector space V is a pairing (set M = N = V, R = R in the above definitions).

The determinant map (2 × 2 matrices over k) → k can be seen as a pairing ${\displaystyle k^2\times k^2\to k}$.

The Hopf map ${\displaystyle S^3\to S^2}$ written as ${\displaystyle h:S^2\times S^2\to S^2}$ is an example of a pairing. For instance, Hardie et al.^[1] present an explicit construction of the map using poset models.

In cryptography, often the following specialized definition is used:^[2]

Let ${\displaystyle G_1,G_2}$ be additive groups and ${\displaystyle G_T}$ a multiplicative group, all of prime order ${\displaystyle p}$. Let ${\displaystyle P\in G_1,Q\in G_2}$ be generators of ${\displaystyle G_1}$ and ${\displaystyle G_2}$ respectively.

A pairing is a map: ${\displaystyle e:G_1\times G_2\to G_T}$

for which the following holds:

1. Bilinearity: ${\displaystyle \mathrm{\forall }a,b\in \mathbb{Z}:e(aP,bQ)=e{(P,Q)}^{ab}}$
2. Non-degeneracy: ${\displaystyle e(P,Q)\ne 1}$
3. For practical purposes, ${\displaystyle e}$ has to be computable in an efficient manner

Note that it is also common in cryptographic literature for all groups to be written in multiplicative notation.

In cases when ${\displaystyle G_1=G_2=G}$, the pairing is called symmetric. As ${\displaystyle G}$ is cyclic, the map ${\displaystyle e}$ will be commutative; that is, for any ${\displaystyle P,Q\in G}$, we have ${\displaystyle e(P,Q)=e(Q,P)}$. This is because for a generator ${\displaystyle g\in G}$, there exist integers ${\displaystyle p}$, ${\displaystyle q}$ such that ${\displaystyle P=g^p}$ and ${\displaystyle Q=g^q}$. Therefore ${\displaystyle e(P,Q)=e(g^p,g^q)=e(g,g{)}^{pq}=e(g^q,g^p)=e(Q,P)}$.

The Weil pairing is an important concept in elliptic curve cryptography; e.g., it may be used to attack certain elliptic curves (see MOV attack). It and other pairings have been used to develop identity-based encryption schemes.

Scalar products on complex vector spaces are sometimes called pairings, although they are not bilinear. For example, in representation theory, one has a scalar product on the characters of complex representations of a finite group which is frequently called character pairing.

• Dual system
• Yoneda product

• The Pairing-Based Crypto Library