1,620 research outputs found
On Prime-Order Elliptic Curves with Embedding Degrees 3, 4 and 6
Bilinear pairings on elliptic curves have many cryptographic
applications such as identity based encryption,
one-round three-party key agreement protocols,
and short signature schemes.
The elliptic curves which are suitable for pairing-based cryptography
are called pairing friendly curves. The prime-order
pairing friendly curves with embedding degrees k=3,4
and 6 were characterized by Miyaji, Nakabayashi and Takano.
We study this characterization of MNT curves in details.
We present explicit algorithms
to obtain suitable curve
parameters and to construct the corresponding elliptic curves.
We also give a heuristic lower bound for the expected
number of isogeny classes of MNT curves. Moreover,
the related theoretical findings are compared
with our experimental results
Security evaluation of a key management scheme based on bilinear maps on elliptic curves
In recent years, many applications of elliptic curves to cryptography have
been developed. Cryptosystems based on groups of rational points on elliptic curves allow more efficient alternatives to finite field cryptography, which usually requires groups with larger cardinality and lower efficiency. The existence of non-degenerate, bilinear maps on elliptic curves, called pairings, allow the construction of many efficient cryptosystems; however, their security must be carefully studied. We will study the security of a key menagement scheme introduced by Boneh, Gentry and Waters in 2005, which is based on the decisional version of the l-BDHE problem. This is a variant of the classical Diffie-Hellman problem, specifically constructed for pairing-based cryptography. Its hardness, is still a research topic and only some theoretical evidence exists. The aim of this work is to investigate the security of this broadcast encryption system, taking in account a model that proves the hardness of the l-BDHE problem, under strong assumptions. Drawbacks of this approach will be discussed: its main weakness is the system's behaviour during attack simulations, which is far from real. The main result of this thesis is a lower bound on the running time of an adversary solving the above problem.
Moreover, also the elliptic curve choice, when implementing an encryption
scheme, could affect its security. We will review the main criteria for this choice and we will investigate the existence of elliptic curves suitable for the system of our interest
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Distortion maps for genus two curves
Distortion maps are a useful tool for pairing based cryptography. Compared
with elliptic curves, the case of hyperelliptic curves of genus g > 1 is more
complicated since the full torsion subgroup has rank 2g. In this paper we prove
that distortion maps always exist for supersingular curves of genus g>1 and we
construct distortion maps in genus 2 (for embedding degrees 4,5,6 and 12).Comment: 16 page
Efficient algorithms for pairing-based cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable
to that of RSA in larger characteristics.We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction
over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography
More Discriminants with the Brezing-Weng Method
The Brezing-Weng method is a general framework to generate families of
pairing-friendly elliptic curves. Here, we introduce an improvement which can
be used to generate more curves with larger discriminants. Apart from the
number of curves this yields, it provides an easy way to avoid endomorphism
rings with small class number
- âŠ