
    Still Wrong Use of Pairings in Cryptography

    Several pairing-based cryptographic protocols have recently been proposed, with a wide variety of novel applications, including ones in emerging technologies such as cloud computing, the internet of things (IoT), e-health systems and wearable technologies. However, there has been a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. Nevertheless, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is a lack of awareness of the recent advancements in solving the discrete logarithm problem in some groups. The main purpose of this article is to give understandable, informative, and up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and instead place special emphasis on the importance of the correct use of bilinear maps in realizing secure cryptographic protocols. We list a collection of recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings. Comment: 25 page

    Resolvents of R-Diagonal Operators

    We consider the resolvent $(\lambda-a)^{-1}$ of any $R$-diagonal operator $a$ in a $\mathrm{II}_1$-factor. Our main theorem gives a universal asymptotic formula for the norm of such a resolvent. En route to its proof, we calculate the $R$-transform of the operator $|\lambda-c|^2$, where $c$ is Voiculescu's circular operator, and give an asymptotic formula for the negative moments of $|\lambda-a|^2$ for any $R$-diagonal $a$. We use a mixture of complex analytic and combinatorial techniques, each giving finer information where the other can give only coarse detail. In particular, we introduce partition structure diagrams, a new combinatorial structure arising in free probability. Comment: 29 pages, 12 figures, used gastex.st

    A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

    Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplish this task and prove that fault attacks against pairing-based cryptography are indeed possible and even practical — thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.

    Topological phase transitions in multi-component superconductors

    We study the phase transition between a trivial and a time-reversal-invariant topological superconductor in a single-band system. By analyzing the interplay of symmetry, topology and energetics, we show that for a generic normal-state band structure, the phase transition occurs via extended intermediate phases in which even- and odd-parity pairing components coexist. For inversion-symmetric systems, the coexistence phase spontaneously breaks time-reversal symmetry. For noncentrosymmetric superconductors, the low-temperature intermediate phase is time-reversal breaking, while the high-temperature phase preserves time-reversal symmetry and has topologically protected line nodes. Furthermore, with approximate rotational invariance, the system has an emergent $U(1) \times U(1)$ symmetry, and novel topological defects, such as half vortex lines binding Majorana fermions, can exist. We analytically solve for the dispersion of the Majorana fermion and show that it exhibits small and large velocities at low and high energies, respectively. The relevance of our theory to the superconducting pyrochlore oxide Cd$_2$Re$_2$O$_7$ and to half-Heusler materials is discussed. Comment: 14 pages, 7 figures; to appear in Phys. Rev. Let
