31 research outputs found

    A Digital Signature Scheme for Long-Term Security

    In this paper we propose a signature scheme based on two intractable problems, namely the integer factorization problem and the discrete logarithm problem on elliptic curves. It is suitable for applications requiring long-term security and provides a more efficient solution than the existing ones.

    A Note on Point Multiplication on Supersingular Elliptic Curves over Ternary Fields

    Supersingular elliptic curves over ternary fields have recently been widely used in pairing-based cryptographic applications, since they achieve the best possible ratio between security level and space requirement. We propose new algorithms for projective arithmetic on these curves, in which point tripling requires no field multiplication, and point addition and point doubling each require one field multiplication less than the best known algorithms. Combined with DBNS, these algorithms can noticeably speed up scalar multiplication on the curves.

    Refinements of Miller's Algorithm over Weierstrass Curves Revisited

    In 1986 Victor Miller described an algorithm for computing the Weil pairing in his unpublished manuscript. This algorithm has since become the core of all pairing-based cryptosystems. Many improvements of the algorithm have been presented. Most of them involve a choice of elliptic curves of special forms to exploit a possible twist during Tate pairing computation. Other improvements reduce the number of iterations in Miller's algorithm. For the generic case, Blake, Murty and Xu proposed three refinements to Miller's algorithm over Weierstrass curves. Although their refinements, which only reduce the total number of vertical lines in Miller's algorithm, are not as efficient as other optimizations, they can be applied to compute both the Weil and Tate pairings on all pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu method and show how to eliminate all vertical lines in Miller's algorithm during Weil/Tate pairing computation on general elliptic curves. Experimental results show that our algorithm is about 25% faster than the original Miller algorithm.

    Zero-configuration identity-based IP network encryptor

    For corporations or individuals who wish to protect the confidentiality of their data across computer networks, network-layer encryption offers an efficient and proven method for preserving data privacy. Network-layer encryption such as IPSec is more flexible than higher-layer solutions since it is not application-dependent and can protect all end-to-end traffic between two hosts. Using IPSec, two hosts must first establish a session key through message exchanges before they can communicate. In this paper, we present an Identity Based Encryption (IBE) scheme that allows a host to calculate the per-packet encryption key from the IP address of the destination host, without going through the expensive key exchange process of IPSec. Our mechanism is compatible with the current IP protocol, and we tested our scheme with live HTTP and ICMP traffic. Our results show that our protocol provides a zero-configuration network-layer encryption solution for end-to-end secure communications that is ideal for consumer electronics applications. © 2006 IEEE.

    Efficient hash maps to G2 on BLS curves

    When a pairing $e: G_1 \times G_2 \to G_T$ on an elliptic curve $E$ defined over a finite field $\mathbb{F}_q$ is exploited for an identity-based protocol, there is often the need to hash binary strings into $G_1$ and $G_2$. Traditionally, if $E$ admits a twist $\tilde{E}$ of order $d$, then $G_1 = E(\mathbb{F}_q) \cap E[r]$, where $r$ is a prime integer, and $G_2 = \tilde{E}(\mathbb{F}_{q^{k/d}}) \cap \tilde{E}[r]$, where $k$ is the embedding degree of $E$ with respect to $r$. The standard approach for hashing into $G_2$ is to map to a general point $P \in \tilde{E}(\mathbb{F}_{q^{k/d}})$ and then multiply it by the cofactor $c = \#\tilde{E}(\mathbb{F}_{q^{k/d}})/r$. Usually, the multiplication by $c$ is computationally expensive. In order to speed up this computation, two different methods have been proposed: by Scott et al. (International Conference on Pairing-Based Cryptography, Springer, Berlin, pp. 102–113, 2009) and by Fuentes-Castaneda et al. (International Workshop on Selected Areas in Cryptography). In this paper we consider these two methods for BLS pairing-friendly curves with $k \in \{12, 24, 30, 42, 48\}$, providing efficiency comparisons. For $k = 42, 48$, applying the method of Fuentes et al. requires expensive computations that were infeasible with the computational power at our disposal. For these cases, we propose hashing maps that we obtained by following the idea of Fuentes et al.

    A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

    Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and even practical — thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open-source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches that induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.