Fast subgroup membership testings for G₁, G₂ and G_T on pairing-friendly curves

Pairing-based cryptographic protocols are typically vulnerable to small-subgroup attacks in the absence of protective measures. Subgroup membership testing is one of the feasible methods to address this security weakness. However, it generally causes an expensive com-putational cost on many pairing-friendly curves. Recently, Scott proposed efficient methods of subgroup membership testings for G(1) , G(2) and G(T) on the BLS family. In this paper, we generalize these methods and show that the new techniques are applicable to a large class of pairing-friendly curves. In particular, we also confirm that our new methods lead to a signif-icant speedup for subgroup membership testings on many popular pairing-friendly curves at high security level.