I have a 256bit signature and a certificate with a public key to verify it. I had little information about the signature scheme used, but I know now that it's "ECBNwithSHA256". I have never come across these Barreto-Naehrig Curves until now. My question to the community is: The certificate contains two point pairs (each 32 bytes) as the public key.
Can someone explain to me why the public key consists of 4 points here? This is a Screenshot of the certificate:
It is common to define pairing-friendly curve such as Barreto-Naehrig on sextic twists to implement efficient pairings (https://eprint.iacr.org/2012/232.pdf). for example, $E(\mathbb{F}_p): y^2 = x^3 + 2$ and sextic twist $E'(\mathbb{F}_{p^2}): x'^3 + \frac{2}{s} = x'^3 + 1 - u, where ,\mathbb{F}_{p^2} = \mathbb{F}_p [u]/(u^2 + 1), \mathbb{F}_{p^6} = \mathbb{F}_{p^2} [v]/(v^3 - (1+u)), \mathbb{F}_{p^{12}}=\mathbb{F}_{p^6} [w]/(w^2 - v), 1/s = 1/(1 + u)$ So the public key may be a point on a curve defined over an extended field and thus the coordinates will have multiple components. I didn't get into your screenshot in detail but I think it may be a point on the curve over $\mathbb{F}_p^2$ and thus the coordinates $(x,y)$ have 2 components each which explains why you have components of 32 bytes each.
