409 research outputs found
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Identity based cryptography from bilinear pairings
This report contains an overview of two related areas of research in cryptography
which have been prolific in significant advances in recent years. The first of
these areas is pairing based cryptography. Bilinear pairings over elliptic curves
were initially used as formal mathematical tools and later as cryptanalysis tools
that rendered supersingular curves insecure. In recent years, bilinear pairings
have been used to construct many cryptographic schemes. The second area
covered by this report is identity based cryptography. Digital certificates are
a fundamental part of public key cryptography, as one needs a secure way of
associating an agent’s identity with a random (meaningless) public key. In
identity based cryptography, public keys can be arbitrary bit strings, including
readable representations of one’s identity.Fundação para a Ci~Encia e Tecnologia - SFRH/BPD/20528/2004
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many di�erent ways that it
may not be useless to state in a few words the plan which has been adopted,
and the chief objects at which it has aimed. This is not an attempt to write
the whole history of the pairings in cryptology, or to detail every discovery,
but rather a general presentation motivated by the two main requirements
in cryptology; e�ciency and security.
Starting from the basic underlying mathematics, pairing maps are con-
structed and a major security issue related to the question of the minimal
embedding �eld [12]1 is resolved. This is followed by an exposition on how
to compute e�ciently the �nal exponentiation occurring in the calculation
of a pairing [124]2 and a thorough survey on the security of the discrete log-
arithm problem from both theoretical and implementational perspectives.
These two crucial cryptologic requirements being ful�lled an identity based
encryption scheme taking advantage of pairings [24]3 is introduced. Then,
perceiving the need to hash identities to points on a pairing-friendly elliptic
curve in the more general context of identity based cryptography, a new
technique to efficiently solve this practical issue is exhibited.
Unveiling pairings in cryptology involves a good understanding of both
mathematical and cryptologic principles. Therefore, although �rst pre-
sented from an abstract mathematical viewpoint, pairings are then studied
from a more practical perspective, slowly drifting away toward cryptologic
applications
Towards Green Computing Oriented Security: A Lightweight Postquantum Signature for IoE
[EN] Postquantum cryptography for elevating security against attacks by quantum computers in the Internet of Everything (IoE) is still in its infancy. Most postquantum based cryptosystems have longer keys and signature sizes and require more computations that span several orders of magnitude in energy consumption and computation time, hence the sizes of the keys and signature are considered as another aspect of security by green design. To address these issues, the security solutions should migrate to the advanced and potent methods for protection against quantum attacks and offer energy efficient and faster cryptocomputations. In this context, a novel security framework Lightweight Postquantum ID-based Signature (LPQS) for secure communication in the IoE environment is presented. The proposed LPQS framework incorporates a supersingular isogeny curve to present a digital signature with small key sizes which is quantum-resistant. To reduce the size of the keys, compressed curves are used and the validation of the signature depends on the commutative property of the curves. The unforgeability of LPQS under an adaptively chosen message attack is proved. Security analysis and the experimental validation of LPQS are performed under a realistic software simulation environment to assess its lightweight performance considering embedded nodes. It is evident that the size of keys and the signature of LPQS is smaller than that of existing signature-based postquantum security techniques for IoE. It is robust in the postquantum environment and efficient in terms of energy and computations.This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University. Jeddah. under grant No. (DF-457-156-1441).Rani, R.; Kumar, S.; Kaiwartya, O.; Khasawneh, AM.; Lloret, J.; Al-Khasawneh, MA.; Mahmoud, M.... (2021). Towards Green Computing Oriented Security: A Lightweight Postquantum Signature for IoE. Sensors. 21(5):1-20. https://doi.org/10.3390/s2105188312021
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
Cryptographic Pairings: Efficiency and DLP security
This thesis studies two important aspects of the use of pairings in cryptography, efficient
algorithms and security.
Pairings are very useful tools in cryptography, originally used for the cryptanalysis of
elliptic curve cryptography, they are now used in key exchange protocols, signature schemes
and Identity-based cryptography.
This thesis comprises of two parts: Security and Efficient Algorithms.
In Part I: Security, the security of pairing-based protocols is considered, with a thorough
examination of the Discrete Logarithm Problem (DLP) as it occurs in PBC. Results on the
relationship between the two instances of the DLP will be presented along with a discussion
about the appropriate selection of parameters to ensure particular security level.
In Part II: Efficient Algorithms, some of the computational issues which arise when using
pairings in cryptography are addressed. Pairings can be computationally expensive, so
the Pairing-Based Cryptography (PBC) research community is constantly striving to find
computational improvements for all aspects of protocols using pairings. The improvements
given in this section contribute towards more efficient methods for the computation of pairings,
and increase the efficiency of operations necessary in some pairing-based protocol
Elliptic Curve Cryptography on Modern Processor Architectures
Abstract
Elliptic Curve Cryptography (ECC) has been adopted by the US National Security Agency (NSA) in Suite "B" as part of its "Cryptographic Modernisation Program ". Additionally,
it has been favoured by an entire host of mobile devices due to its superior performance characteristics. ECC is also the building block on which the exciting field of pairing/identity based cryptography is based. This widespread use means that there is potentially a lot to be gained by researching efficient implementations on modern processors such as IBM's Cell Broadband Engine and Philip's next generation smart card cores. ECC operations can be thought of as a pyramid of building blocks, from instructions on a core, modular operations on a finite field, point addition & doubling, elliptic curve scalar
multiplication to application level protocols. In this thesis we examine an implementation of these components for ECC focusing on a range of optimising techniques for the Cell's SPU and the MIPS smart card. We show significant performance improvements that can be achieved through of adoption of EC
Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing based cryptography is in a dangerous position following the
breakthroughs on discrete logarithms computations in finite fields of small
characteristic. Remaining instances are built over finite fields of large
characteristic and their security relies on the fact that the embedding field
of the underlying curve is relatively large. How large is debatable. The aim of
our work is to sustain the claim that the combination of degree 3 embedding and
too small finite fields obviously does not provide enough security. As a
computational example, we solve the DLP on a 170-bit MNT curve, by exploiting
the pairing embedding to a 508-bit, degree-3 extension of the base field.Comment: to appear in the Lecture Notes in Computer Science (LNCS
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power
- …