Key Agreement Protocol Based on Weil Pairing

[[abstract]]We propose a group key agreement protocol in this paper. The key agreement protocol is a good solution to establish a common session key for communication. But in a group of member s communication, we not only need to establish a common session key, but also need to concern the member changing environment. The proposed protocol is based on weil pairing, ID-based authentication and a complete binary tree architecture. The users in the group will establish a common session key. If there are users want to join or leave the group, our protocol can reconstruct a new common session key for security considerations. Furthermore, our proposed protocol is efficiency when the group member is small and dynamic changing.[[sponsorship]]IEEE Computer Society Technical Committee on Distributed Processing (TCDP); Tamkung University[[notice]]補正完畢[[conferencetype]]國際[[conferencetkucampus]]淡水校園[[conferencedate]]20050328~20050330[[booktype]]紙本[[iscallforpapers]]Y[[conferencelocation]]臺北縣, 臺

On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings

This paper studies the relationships between the traditional Diffie-Hellman key agreement protocol and the identity-based (ID-based) key agreement protocol from pairings. For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that identical to the Diffie-Hellman protocol, the SOK key agreement protocol also has three variants, namely \emph{ephemeral}, \emph{semi-static} and \emph{static} versions. Upon this, we build solid relations between authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key agreement (IB-AK) protocols, whereby we present two \emph{substitution rules} for this two types of protocols. The rules enable a conversion between the two types of protocols. In particular, we obtain the \emph{real} ID-based version of the well-known MQV (and HMQV) protocol. Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key transport protocol underlining the SK ID-based encryption scheme (which we call the "SK protocol") has its non-ID counterpart, namely the Hughes protocol. Based on this observation, we establish relations between corresponding ID-based and non-ID-based protocols. In particular, we propose a highly enhanced version of the McCullagh-Barreto protocol

An Enhanced One-round Pairing-based Tripartite Authenticated Key Agreement Protocol

A tripartite authenticated key agreement protocol is generally designed to accommodate the need of three specific entities in communicating over an open network with a shared secret key, which is used to preserve data confidentiality and integrity. Since Joux proposed the first pairing-based one-round tripartite key agreement protocol in 2000, numerous authenticated protocols have been proposed after then. However, most of them have turned out to be flawed due to their inability in achieving some desirable security attributes. In 2005, Lin-Li had identified the weaknesses of Shim\u27s protocol and subsequently proposed their improved scheme by introducing an extra verification process. In this paper, we prove that Lin-Li\u27s improved scheme remains insecure due to its susceptibility to the insider impersonation attack. Based on this, we propose an enhanced scheme which will not only conquer their defects, but also preserves the desired security attributes of a key agreement protocol

Two-Party Threshold Key Agreement Protocol for MANETs using Pairings

In MANET environment, the nodes are mobile i.e., nodes move in and out dynamically. This causes difficulty in maintaining a central trusted authority say Certification Authority CA or Key Generation Centre KCG. In addition most of cryptographic techniques need a key to be shared between the two communicating entities. So to introduce security in MANET environment, there is a basic need of sharing a key between the two communicating entities without the use of central trusted authority. So we present a decentralized two-party key agreement protocol using pairings and threshold cryptography ideas. Our model is based on Joux2019;s three-party key agreement protocol which does not authenticate the users and hence is vulnerable to man-in-the-middle attack. This model protects from man-in-the-middle attack using threshold cryptography

Further Refinement of Pairing Computation Based on Miller\u27s Algorithm

In 2006, Blake, Murty and Xu proposed three refinements to Miller\u27s algorithm for computing Weil/Tate Pairings. In this paper we extend their work and propose a generalized algorithm, which integrates their first two algorithms. Our approach is to pre-organize the binary representation of the involved integer to the best cases of Blake\u27s algorithms. Further, our refinement is more suitable for Solinas numbers than theirs. We analyze our algorithm and show that our refinement can perform better than the original algorithms

ID-based tripartite Authenticated Key Agreement Protocols from pairings

This paper proposes ID-based tripartite authenticated key agreement protocols. The authenticated three party key agreement protocols from pairings [15], and the ID-based two party authenticated key agreement protocol [13] are studied. These two protocols are taken as the basis for designing three new ID-based tripartite authenticated key agreement protocols. The security properties of all these protocols are studied listing out the possible attacks on them. Further, these protocols are extended to provide key confirmation

Security Proof for the Improved Ryu-Yoon-Yoo Identity-Based Key Agreement Protocol

Key agreement protocols are essential for secure communications in open and distributed environments. The protocol design is, however, extremely error-prone as evidenced by the iterative process of fixing discovered attacks on published protocols. We revisit an efficient identity-based (ID-based) key agreement protocol due to Ryu, Yoon and Yoo. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We then show that the protocol is, in fact, insecure against reflection attacks. A slight modification to the protocol is proposed, which results in significant benefits for the security of the protocol without compromising on its efficiency. Finally, we prove the improved protocol secure in a widely accepted model

Hardness of Computing Individual Bits for One-way Functions on Elliptic Curves

We prove that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can efficiently invert this function and thus, solve the Fixed Argument Pairing Inversion problem (FAPI-1/FAPI-2). The latter has implications on the security of various pairing-based schemes such as the identity-based encryption scheme of Boneh–Franklin, Hess’ identity-based signature scheme, as well as Joux’s three-party one-round key agreement protocol. Moreover, if one can solve FAPI-1 and FAPI-2 in polynomial time then one can solve the Computational Diffie--Hellman problem (CDH) in polynomial time. Our result implies that all the bits of the functions defined above are hard-to-compute assuming these functions are one-way. The argument is based on a list-decoding technique via discrete Fourier transforms due to Akavia--Goldwasser–Safra as well as an idea due to Boneh–Shparlinski