131 research outputs found
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Developing an Automatic Generation Tool for Cryptographic Pairing Functions
Pairing-Based Cryptography is receiving steadily more attention from industry, mainly
because of the increasing interest in Identity-Based protocols. Although there are plenty of
applications, efficiently implementing the pairing functions is often difficult as it requires
more knowledge than previous cryptographic primitives. The author presents a tool for
automatically generating optimized code for the pairing functions which can be used in the
construction of such cryptographic protocols.
In the following pages I present my work done on the construction of pairing function
code, its optimizations and how their construction can be automated to ease the work of the
protocol implementer.
Based on the user requirements and the security level, the created cryptographic compiler
chooses and constructs the appropriate elliptic curve. It identifies the supported pairing
function: the Tate, ate, R-ate or pairing lattice/optimal pairing, and its optimized parameters.
Using artificial intelligence algorithms, it generates optimized code for the final exponentiation
and for hashing a point to the required group using the parametrisation of the
chosen family of curves.
Support for several multi-precision libraries has been incorporated: Magma, MIRACL
and RELIC are already included, but more are possible
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many di�erent ways that it
may not be useless to state in a few words the plan which has been adopted,
and the chief objects at which it has aimed. This is not an attempt to write
the whole history of the pairings in cryptology, or to detail every discovery,
but rather a general presentation motivated by the two main requirements
in cryptology; e�ciency and security.
Starting from the basic underlying mathematics, pairing maps are con-
structed and a major security issue related to the question of the minimal
embedding �eld [12]1 is resolved. This is followed by an exposition on how
to compute e�ciently the �nal exponentiation occurring in the calculation
of a pairing [124]2 and a thorough survey on the security of the discrete log-
arithm problem from both theoretical and implementational perspectives.
These two crucial cryptologic requirements being ful�lled an identity based
encryption scheme taking advantage of pairings [24]3 is introduced. Then,
perceiving the need to hash identities to points on a pairing-friendly elliptic
curve in the more general context of identity based cryptography, a new
technique to efficiently solve this practical issue is exhibited.
Unveiling pairings in cryptology involves a good understanding of both
mathematical and cryptologic principles. Therefore, although �rst pre-
sented from an abstract mathematical viewpoint, pairings are then studied
from a more practical perspective, slowly drifting away toward cryptologic
applications
Don’t Forget Pairing-Friendly Curves with Odd Prime Embedding Degrees
Pairing-friendly curves with odd prime embedding degrees
at the 128-bit security level, such as BW13-310 and BW19-286, sparked
interest in the field of public-key cryptography as small sizes of the prime
fields. However, compared to mainstream pairing-friendly curves at the
same security level, i.e., BN446 and BLS12-446, the performance of pairing computations on BW13-310 and BW19-286 is usually considered
ineffcient. In this paper we investigate high performance software implementations of pairing computation on BW13-310 and corresponding
building blocks used in pairing-based protocols, including hashing, group
exponentiations and membership testings. Firstly, we propose effcient
explicit formulas for pairing computation on this curve. Moreover, we
also exploit the state-of-art techniques to implement hashing in G1 and
G2, group exponentiations and membership testings. In particular, for
exponentiations in G2 and GT , we present new optimizations to speed
up computational effciency. Our implementation results on a 64-bit processor show that the gap in the performance of pairing computation between BW13-310 and BN446 (resp. BLS12-446) is only up to 4.9% (resp.
26%). More importantly, compared to BN446 and BLS12-446, BW13-
310 is about 109.1% − 227.3%, 100% − 192.6%, 24.5% − 108.5% and
68.2% − 145.5% faster in terms of hashing to G1, exponentiations in G1
and GT , and membership testing for GT , respectively. These results reveal that BW13-310 would be an interesting candidate in pairing-based
cryptographic protocols
Cryptographic Pairings: Efficiency and DLP security
This thesis studies two important aspects of the use of pairings in cryptography, efficient
algorithms and security.
Pairings are very useful tools in cryptography, originally used for the cryptanalysis of
elliptic curve cryptography, they are now used in key exchange protocols, signature schemes
and Identity-based cryptography.
This thesis comprises of two parts: Security and Efficient Algorithms.
In Part I: Security, the security of pairing-based protocols is considered, with a thorough
examination of the Discrete Logarithm Problem (DLP) as it occurs in PBC. Results on the
relationship between the two instances of the DLP will be presented along with a discussion
about the appropriate selection of parameters to ensure particular security level.
In Part II: Efficient Algorithms, some of the computational issues which arise when using
pairings in cryptography are addressed. Pairings can be computationally expensive, so
the Pairing-Based Cryptography (PBC) research community is constantly striving to find
computational improvements for all aspects of protocols using pairings. The improvements
given in this section contribute towards more efficient methods for the computation of pairings,
and increase the efficiency of operations necessary in some pairing-based protocol
- …