1,208 research outputs found

    Pairings in Cryptology: efficiency, security and applications

    Abstract: The study of pairings can be considered in so many different ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; efficiency and security. Starting from the basic underlying mathematics, pairing maps are constructed and a major security issue related to the question of the minimal embedding field [12] is resolved. This is followed by an exposition on how to compute efficiently the final exponentiation occurring in the calculation of a pairing [124] and a thorough survey on the security of the discrete logarithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being fulfilled an identity based encryption scheme taking advantage of pairings [24] is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although first presented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications

    Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves

    One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide efficient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyper-elliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for different embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its varian

    On near prime-order elliptic curves with small embedding degrees (Full version)

    In this paper, we extend the method of Scott and Barreto and present an explicit and simple algorithm to generate families of generalized MNT elliptic curves. Our algorithm allows us to obtain all families of generalized MNT curves with any given cofactor. Then, we analyze the complex multiplication equations of these families of curves and transform them into generalized Pell equation. As an example, we describe a way to generate Edwards curves with embedding degree 6, that is, elliptic curves having cofactor h = 4

    Heuristics on pairing-friendly abelian varieties

    We discuss heuristic asymptotic formulae for the number of pairing-friendly abelian varieties over prime fields, generalizing previous work of one of the authors arXiv:math1107.0307. Comment: Pages 6-7 rewritten, other minor changes mad

    Identity based cryptography from bilinear pairings

    This report contains an overview of two related areas of research in cryptography which have been prolific in significant advances in recent years. The first of these areas is pairing based cryptography. Bilinear pairings over elliptic curves were initially used as formal mathematical tools and later as cryptanalysis tools that rendered supersingular curves insecure. In recent years, bilinear pairings have been used to construct many cryptographic schemes. The second area covered by this report is identity based cryptography. Digital certificates are a fundamental part of public key cryptography, as one needs a secure way of associating an agent’s identity with a random (meaningless) public key. In identity based cryptography, public keys can be arbitrary bit strings, including readable representations of one’s identity. Fundação para a Ciência e Tecnologia - SFRH/BPD/20528/2004

    Ordinary Calabi-Yau-3 Crystals

    We show that crystals with the properties of crystalline cohomology of ordinary Calabi-Yau threefolds in characteristic p>0, exhibit a remarkable similarity with the well known structure on the cohomology of complex Calabi-Yau threefolds near a boundary point of the moduli space with maximal unipotent local monodromy. In particular, there are canonical coordinates and an analogue of the prepotential of the Yukawa coupling. Moreover we show p-adic analogues of the integrality properties for the canonical coordinates and the prepotential of the Yukawa coupling, which have been observed in the examples of Mirror Symmetry. Comment: 17 p.; Latex2e;v2: only change: style file fic-l.cls provided; to appear in proceedings of Workshop on Calabi-Yau Varieties and Mirror Symmetry at Fields Institute, July 200

    The Number Field Sieve for Barreto-Naehrig Curves: Smoothness of Norms

    The security of pairing-based cryptography can be reduced to the difficulty of the discrete logarithm problem (DLP) in finite fields of medium characteristic. The number field sieve is the best known algorithm for this problem. We look at a recent improvement to the number field sieve (NFS) by Joux and Pierrot that applies to finite field DLPs arising from elliptic curves used in pairing-based cryptography. We give specific parameter values for use with Miyaji-Nakabayashi-Takano curves offering 80-bits of security, and Barreto-Naehrig (BN) curves offering 128-bits of security. The running times of the corresponding NFS implementations are compared to the running times arising from prior versions of the NFS, showing that for BN curves the Joux-Pierrot version of the NFS is faster than the conventional version, but that BN curves still provide 128-bits of security. To get a better estimate on the number of relations that can be obtained during the sieving stage, we then analyze the distribution of the sizes of the product of the norms. Using this data, we give some guidelines for choosing which Joux-Pierrot polynomials to use for a specific DLP instance. We attempt to find a model for the distribution in order to further improve on the Joux-Pierrot version of the NFS. Finally, we prove some tighter bounds on the product of the norms

    Heuristics on pairing-friendly elliptic curves

    We present a heuristic asymptotic formula as $x\to \infty$ for the number of isogeny classes of pairing-friendly elliptic curves with fixed embedding degree $k\geq 3$, with fixed discriminant, with rho-value bounded by a fixed $\rho_0$ such that $1<\rho_0<2$, and with prime subgroup order at most $x$. Comment: text substantially rewritten, tables correcte

    Dynamic Modulus and Damping of Boron, Silicon Carbide, and Alumina Fibers

    The dynamic modulus and damping capacity for boron, silicon carbide, and silicon carbide coated boron fibers were measured from -190 to 800 C. The single fiber vibration test also allowed measurement of transverse thermal conductivity for the silicon carbide fibers. Temperature dependent damping capacity data for alumina fibers were calculated from axial damping results for alumina-aluminum composites. The dynamics fiber data indicate essentially elastic behavior for both the silicon carbide and alumina fibers. In contrast, the boron based fibers are strongly anelastic, displaying frequency dependent moduli and very high microstructural damping. The single fiber damping results were compared with composite damping data in order to investigate the practical and basic effects of employing the four fiber types as reinforcement for aluminum and titanium matrices