4,114 research outputs found

    Easy decision-Diffie-Hellman groups

    The decision-Diffie-Hellman problem (DDH) is a central computational problem in cryptography. It is known that the Weil and Tate pairings can be used to solve many DDH problems on elliptic curves. Distortion maps are an important tool for solving DDH problems using pairings and it is known that distortion maps exist for all supersingular elliptic curves. We present an algorithm to construct suitable distortion maps. The algorithm is efficient on the curves usable in practice, and hence all DDH problems on these curves are easy. We also discuss the issue of which DDH problems on ordinary curves are easy.

    Efficient generation of pairing friendly elliptic curves

    Pairings on elliptic curves have become very popular in the decade due to the possibility of implementing modern cryptographic schemes and protocols based on the pairings. For pairings to be effective, a special kind of elliptic curve is required. Construction of such curves combines knowledge from algebraic geometry, number theory and cryptography. This is the main reason that pairings are not implemented as often as they could be. The purpose of this thesis is to present elliptic curves and pairings on elliptic curves, the construction of pairing friendly elliptic curves, and research into their use and efficient implementation. The thesis also contains required preliminaries from algebraic geometry and number theory. The thesis contains four parts divided into eight chapters. The first surveys the history of pairings in Chapter 1; Chapter 2 defines pairings, types of pairings and describes the bilinear Diffie-Hellman problem. Algebraic geometry and basic theory on elliptic curves, required for understanding, are presented in the second part. It contains the definition of algebraic varieties and their properties in Chapter 3 and elliptic curves and their properties in Chapter 4. The third part of the thesis introduces pairings on elliptic curves: Chapter 5 presents pairings and related algorithms, Chapter 6 includes examples of the use of pairings in cryptography. The main part of the thesis is Chapter 7. It includes the definition of pairing friendly curves and all known constructions of pairing friendly curves together with the proofs of these constructions. It also contains recommendations for further implementation and optimization. The Conclusion lists some open problems regarding pairings and pairing friendly curves. Mathematical preliminaries required throughout the thesis and examples of pairing friendly curves can be found in the Appendices.

    Refinements of Miller's Algorithm over Weierstrass Curves Revisited

    In 1986 Victor Miller described an algorithm for computing the Weil pairing in his unpublished manuscript. This algorithm has since become the core of all pairing-based cryptosystems. Many improvements of the algorithm have been presented. Most of them involve a choice of elliptic curves of a special form to exploit a possible twist during Tate pairing computation. Other improvements involve a reduction of the number of iterations in Miller's algorithm. For the generic case, Blake, Murty and Xu proposed three refinements to Miller's algorithm over Weierstrass curves. Though their refinements, which only reduce the total number of vertical lines in Miller's algorithm, did not give as efficient a computation as other optimizations, they can be applied for computing both Weil and Tate pairings on all pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu method and show how to perform an elimination of all vertical lines in Miller's algorithm during Weil/Tate pairing computation on general elliptic curves. Experimental results show that our algorithm is about 25% faster in comparison with the original Miller's algorithm. Comment: 17 pages

    SYMMETRIC BILINEAR CRYPTOGRAPHY ON ELLIPTIC CURVE AND LIE ALGEBRA

    Elliptic Curve Cryptography (ECC) has gained widespread adoption in the field of cryptography due to its efficiency and security properties. Symmetric bilinear pairings on elliptic curves have emerged as a powerful tool in cryptographic protocols, enabling advanced constructions and functionalities. This paper explores the intersection of symmetric bilinear pairings, elliptic curves, and Lie algebras in the context of cryptography. We provide a comprehensive overview of the theoretical foundations, applications, and security considerations of this amalgamation.

    Pairing computation on hyperelliptic curves of genus 2

    Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any pairing-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently. The vast majority of the literature on pairing computation focuses solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2. Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves. We show that pairing computation on genus 2 curves over $\mathbb{F}_{2^m}$ can outperform elliptic curves by using a new variant of the Tate pairing, called the $\eta_T$ pairing, to compute the fastest pairing implementation in the literature to date. We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves. We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use.

    Isogenies of Elliptic Curves: A Computational Approach

    Isogenies, the mappings of elliptic curves, have become a useful tool in cryptology. These mathematical objects have been proposed for use in computing pairings, constructing hash functions and random number generators, and analyzing the reducibility of the elliptic curve discrete logarithm problem. With such diverse uses, understanding these objects is important for anyone interested in the field of elliptic curve cryptography. This paper, targeted at an audience with a knowledge of the basic theory of elliptic curves, provides an introduction to the necessary theoretical background for understanding what isogenies are and their basic properties. This theoretical background is used to explain some of the basic computational tasks associated with isogenies. Herein, algorithms for computing isogenies are collected and presented with proofs of correctness and complexity analyses. As opposed to the complex analytic approach provided in most texts on the subject, the proofs in this paper are primarily algebraic in nature. This provides alternate explanations that some with a more concrete or computational bias may find more clear. Comment: Submitted as a Masters Thesis in the Mathematics department of the University of Washington

    An FPGA-based programmable processor for bilinear pairings

    Bilinear pairings on elliptic curves are an active research field in cryptography. The first cryptographic protocols based on bilinear pairings were proposed by the year 2000 and they are promising solutions to security concerns in different domains, such as Pervasive Computing and Cloud Computing. The computation of bilinear pairings, which relies on arithmetic over finite fields, is the most time-consuming operation in pairing-based cryptosystems. That has motivated the research on efficient hardware architectures that improve the performance of security protocols. In the literature, several works have focused on the design of custom hardware architectures for pairings; however, flexible designs provide advantages due to the fact that there are several types of pairings and algorithms to compute them. This work presents the design and implementation of a novel programmable cryptoprocessor for computing bilinear pairings over binary fields in FPGAs, which is able to support different pairing algorithms and parameters such as the elliptic curve, the tower field and the distortion map. The results show that high flexibility is achieved by the proposed cryptoprocessor at a competitive timing and area usage when it is compared to custom designs for pairings defined over singular/supersingular elliptic curves at a 128-bit security level.

    Faster Computation of Self-pairings

    Self-pairings have found interesting applications in cryptographic schemes. In this paper, we present a novel method for constructing a self-pairing on supersingular elliptic curves with even embedding degrees, which we call the Ateil pairing. This new pairing improves the efficiency of the self-pairing computation on supersingular curves over finite fields with large characteristics. Based on the $\eta_T$ pairing, we propose a generalization of the Ateil pairing, which we call the Ateil$_i$ pairing. The optimal Ateil$_i$ pairing which has the shortest Miller loop is faster than previously known self-pairings on supersingular elliptic curves over finite fields with small characteristics. We also present a new self-pairing based on the Weil pairing which is faster than the self-pairing based on the Tate pairing on ordinary elliptic curves with embedding degree one.

    Weak instances of class group action based cryptography via self-pairings

    In this paper we study non-trivial self-pairings with cyclic domains that are compatible with isogenies between elliptic curves oriented by an imaginary quadratic order $\mathcal{O}$. We prove that the order $m$ of such a self-pairing necessarily satisfies $m \mid \Delta_\mathcal{O}$ (and even $2m \mid \Delta_\mathcal{O}$ if $4 \mid \Delta_\mathcal{O}$ and $4m \mid \Delta_\mathcal{O}$ if $8 \mid \Delta_\mathcal{O}$) and is not a multiple of the field characteristic. Conversely, for each $m$ satisfying these necessary conditions, we construct a family of non-trivial cyclic self-pairings of order $m$ that are compatible with oriented isogenies, based on generalized Weil and Tate pairings. As an application, we identify weak instances of class group actions on elliptic curves assuming the degree of the secret isogeny is known. More in detail, we show that if $m^2 \mid \Delta_\mathcal{O}$ for some prime power $m$ then given two primitively $\mathcal{O}$-oriented elliptic curves $(E, \iota)$ and $(E',\iota') = [\mathfrak{a}] (E,\iota)$ connected by an unknown invertible ideal $\mathfrak{a} \subseteq \mathcal{O}$, we can recover $\mathfrak{a}$ essentially at the cost of a discrete logarithm computation in a group of order $m^2$, assuming the norm of $\mathfrak{a}$ is given and is smaller than $m^2$. We give concrete instances, involving ordinary elliptic curves over finite fields, where this turns into a polynomial time attack. Finally, we show that these self-pairings simplify known results on the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves.

    Hesse Pencils and 3-Torsion Structures

    This paper intends to focus on the universal property of this Hesse pencil and of its twists. The main goal is to do this as explicit and elementary as possible, and moreover to do it in such a way that it works in every characteristic different from three.