Identity-based Key Agreement Protocols From Pairings
In recent years, a large number of identity-based key agreement
protocols from pairings have been proposed. Some of them are
elegant and practical. However, the security of protocols of this
type has been surprisingly hard to prove. The main issue is
that a simulator is not able to deal with reveal queries, because
doing so requires solving either a computational problem or a decisional
problem, both of which are generally believed to be hard (i.e.,
computationally infeasible). The best security proof
published so far uses the gap assumption, which means assuming
that the existence of a decisional oracle does not change the
hardness of the corresponding computational problem. The
disadvantage of using this approach to prove the security of
protocols of this type is that the decisional oracles, on which the
security proof relies, cannot be realized by any polynomial-time
algorithm in the real world, because of the hardness of the
decisional problem. In this paper we present a method
incorporating a built-in decisional function in this type of
protocol. The function transfers a hard decisional problem in the
proof to an easy decisional problem. We then discuss the resulting
efficiency of the schemes and the relevant security reductions in
the context of the different pairings one can use. We pay particular
attention, unlike most other papers in the area, to the issues
which arise when using asymmetric pairings.
On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings
This paper studies the relationships between the traditional Diffie-Hellman
key agreement protocol and the identity-based (ID-based) key agreement protocol
from pairings.
For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that,
just like the Diffie-Hellman protocol, the SOK key agreement protocol also
has three variants, namely \emph{ephemeral}, \emph{semi-static} and
\emph{static} versions. Upon this, we build solid relations between
authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key
agreement (IB-AK) protocols, whereby we present two \emph{substitution rules}
for these two types of protocols. The rules enable a conversion between the two
types of protocols. In particular, we obtain the \emph{real} ID-based version
of the well-known MQV (and HMQV) protocol.
Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key
transport protocol underlying the SK ID-based encryption scheme (which we call
the "SK protocol") has its non-ID counterpart, namely the Hughes protocol.
Based on this observation, we establish relations between corresponding
ID-based and non-ID-based protocols. In particular, we propose a highly
enhanced version of the McCullagh-Barreto protocol.
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a
wide variety of novel applications, including ones in emerging
technologies like cloud computing, the internet of things (IoT), e-health systems
and wearable technologies. However, there has been a wide range of incorrect
uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is a lack of awareness of the recent advancements in solving the
discrete logarithm problem in some groups. The main purpose of this article is
to give understandable, informative, and up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather place special emphasis on the
importance of the correct use of bilinear maps in realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and up-to-date recipe for the correct use of pairings.
An Identity Based Key Exchange Scheme with Perfect Forward Security
Identity-based authenticated key exchange protocol (IBAKE) with perfect forward security (PFS) is one of the major advancements in the field of cryptography. This protocol is used to establish secure communication between two parties who are provided with their own unique identities, by establishing their common secret keys without the need to send and verify their public key certificates. This scheme involves a key generation centre (KGC) which would provide the two parties involved with their static keys, which can be authenticated by the parties. Our protocol can be viewed as a variant of the protocol proposed by Xie et al. in 2012 [8]. Our protocol does not rely on bilinear pairings. We have made a comparative study of the existing protocol and the proposed protocol and proved that our protocol is more efficient. We have also provided enough proofs to verify that our protocol is secure under attacks and is not forgeable.
Two secure non-symmetric role Key-Agreement protocols
Recently, some two-party Authenticated Key Agreement protocols over elliptic-curve-based algebraic groups, in the context of Identity-Based cryptography, have been proposed. The main contribution of this category of protocols is to reduce the complexity of performing algebraic operations by eliminating the need to use Bilinear Pairings. In this paper, we propose two novel Identity-Based Authenticated Key Agreement protocols over non-symmetric role participants without using Bilinear Pairings. The results show that our proposed schemes, besides supporting the security requirements of Key Agreement protocols, require a subset of operations with low complexity compared with related protocols in this scientific area.
An efficient certificateless authenticated key agreement protocol without bilinear pairings
Certificateless public key cryptography simplifies the complex certificate
management in traditional public key cryptography and resolves the key
escrow problem in identity-based cryptography. Many certificateless
authenticated key agreement protocols using bilinear pairings have been
proposed. But the relative computation cost of the pairing is approximately
twenty times higher than that of the scalar multiplication over an elliptic curve
group. Recently, several certificateless authenticated key agreement protocols
without pairings were proposed to improve the performance. In this paper, we
propose a new certificateless authenticated key agreement protocol without
pairings. The user in our protocol only needs to compute five scalar multiplications to
finish the key agreement. We also show the proposed protocol is secure in the
random oracle model.
Identity-based Digital Signature Scheme Without Bilinear Pairings
Many identity-based digital signature schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over an elliptic curve group. In order to save running time and reduce the size of the signature, we propose an identity-based signature scheme without bilinear pairings. With both the running time and the size of the signature being reduced greatly, our scheme is more practical than the previous related schemes for practical application.
Cryptanalysis of pairing-free certificateless authenticated key agreement protocol
Recently, He et al. [D. He, J. Chen, J. Hu, A pairing-free certificateless authenticated key agreement protocol, International Journal of Communication Systems, 25(2), pp. 221-230, 2012] proposed a pairing-free certificateless authenticated key agreement protocol and demonstrated that their protocol is provably secure in the random oracle model. However, in this paper, we show that the He et al. protocol is completely broken.