5,685 research outputs found
Identity-based Key Agreement Protocols From Pairings
In recent years, a large number of identity-based key agreement
protocols from pairings have been proposed. Some of them are
elegant and practical. However, the security of this type of
protocols has been surprisingly hard to prove. The main issue is
that a simulator is not able to deal with reveal queries, because
it requires solving either a computational problem or a decisional
problem, both of which are generally believed to be hard (i.e.,
computationally infeasible). The best solution of security proof
published so far uses the gap assumption, which means assuming
that the existence of a decisional oracle does not change the
hardness of the corresponding computational problem. The
disadvantage of using this solution to prove the security for this
type of protocols is that such decisional oracles, on which the
security proof relies, cannot be performed by any polynomial time
algorithm in the real world, because of the hardness of the
decisional problem. In this paper we present a method
incorporating a built-in decisional function in this type of
protocols. The function transfers a hard decisional problem in the
proof to an easy decisional problem. We then discuss the resulting
efficiency of the schemes and the relevant security reductions in
the context of different pairings one can use. We pay particular
attention, unlike most other papers in the area, to the issues
which arise when using asymmetric pairings
On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings
This paper studies the relationships between the traditional Diffie-Hellman
key agreement protocol and the identity-based (ID-based) key agreement protocol
from pairings.
For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that
identical to the Diffie-Hellman protocol, the SOK key agreement protocol also
has three variants, namely \emph{ephemeral}, \emph{semi-static} and
\emph{static} versions. Upon this, we build solid relations between
authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key
agreement (IB-AK) protocols, whereby we present two \emph{substitution rules}
for this two types of protocols. The rules enable a conversion between the two
types of protocols. In particular, we obtain the \emph{real} ID-based version
of the well-known MQV (and HMQV) protocol.
Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key
transport protocol underlining the SK ID-based encryption scheme (which we call
the "SK protocol") has its non-ID counterpart, namely the Hughes protocol.
Based on this observation, we establish relations between corresponding
ID-based and non-ID-based protocols. In particular, we propose a highly
enhanced version of the McCullagh-Barreto protocol
Pairing-based cryptosystems and key agreement protocols.
For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important
tool to construct novel cryptographic schemes.
In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some
relevant previous schemes are revisited.
IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined.
Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated.
The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed
Pairing-based cryptosystems and key agreement protocols
For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed.EThOS - Electronic Theses Online ServiceGBUnited Kingdo
Secure and authenticated key agreement protocol with minimal complexity of operations in the context of identity-based cryptosystems
Recently, a large variety of Identity-Based Key Agreement protocols have tried to eliminate the use of Bilinear Pairings in order to decrease complexity of computations through performing group operations over Elliptic Curves. In this paper we propose a novel pairing-free Key Agreement protocol over elliptic curve based algebraic groups. The results show that our proposed protocol is significantly less complex than related works from complexity of computation perspective
Comments: Insider attack on Cheng et al.\u27s pairing-based tripartite key agreement protocols
Recently, Cheng et al. proposed two tripartite key agreement protocols from pairings: one is certificate-based and the other is identity-based (ID-based). In this article, we show that the two schemes are vulnerable to the insider impersonation attack and the ID-based scheme even discloses the entities¡¦ private keys. Solutions to this problem are discussed
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
- …