3,048 research outputs found
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
SIGNCRYPTION ANALYZE
The aim of this paper is to provide an overview for the research that has been done so far in signcryption area. The paper also presents the extensions for the signcryption scheme and discusses the security in signcryption. The main contribution to this paper represents the implementation of the signcryption algorithm with the examples provided.ElGamal, elliptic curves, encryption, identity-based, proxy-signcryption, public key, ring-signcryption, RSA, signcryption
Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model
Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) have emerged as a valuable tool for verifiable computation and privacy preserving protocols. Currently practical schemes require a common reference string (CRS) to be constructed in a one-time setup for each statement. Ben-Sasson, Chiesa, Green, Tromer and Virza devised a multi-party protocol to securely compute such a CRS, and an adaptation of this protocol was used to construct the CRS for the Zcash cryptocurrency. The scalability of these protocols is obstructed by the need for a precommitment round which forces participants to be defined in advance and requires them to secure their secret randomness throughout the duration of the protocol.
Our primary contribution is a more scalable multi-party computation (MPC) protocol, secure in the random beacon model, which omits the precommitment round. We show that security holds even if an adversary has limited influence on the beacon. Next, we apply our main result to obtain a two-round protocol for computing an extended version of the CRS of Groth\u27s SNARK. We show that knowledge soundness is maintained in the generic group model when using this CRS.
We also contribute a more secure pairing-friendly elliptic curve construction and implementation, tuned for use in zk-SNARKs, in light of recent optimizations to the Number Field Sieve algorithm which reduced the security estimates of existing pairing-friendly curves used in zk-SNARK applications
An identity-based key infrastructure suitable for messaging applications
Abstract—Identity-based encryption (IBE) systems are relatively recently proposed; yet they are highly popular for messaging applications since they offer new features such as certificateless infrastructure and anonymous communication. In this paper, we intended to propose an IBE infrastructure for
messaging applications. The proposed infrastructure requires one registration authority and at least one public key generator and they secret share the master secret key. In addition, the PKG also shares the same master secret with each user in the system in a different way. Therefore, the PKG will never be able to learn the private keys of users under non-collusion assumption. We discuss different aspects of the proposed infrastructure such as security, key revocation, uniqueness of the identities that constitute the main drawbacks of other IBE schemes. We demonstrate that our infrastructure solves many of these drawbacks under certain assumptions
- …