Fast subgroup membership testings for 𝔾_1 , 𝔾_2 and 𝔾_T on pairing-friendly curves

Pairing-based cryptographic protocols are typically vulnerable to small-subgroup attacks in the absence of protective measures. Subgroup membership testing is one of the feasible methods to address this security weakness. However, it generally causes an expensive computational cost on many pairing-friendly curves. Recently, Scott proposed efficient methods of subgroup membership testings for 𝔾_1 , 𝔾_2 and 𝔾_T on the BLS family. In this paper, we generalize these methods and show that the new techniques are applicable to a large class of pairing-friendly curves. In particular, we also confirm that our new methods lead to a significant speedup for subgroup membership testings on many popular pairing-friendly curves at high security level.