4 research outputs found

    Bilinear Mappings in Formal Cryptography

    Various analyzers have been created for testing the security of cryptographic protocols. Some of them are based on formulas of predicate logic. In the formal model, however, it is not convenient to implement arithmetic functions. It is easy to compute g^a when the values of both g and a are known, but in protocols the variables are generally unassigned. The properties of algebraic structures need to be described by means of logic formulas. Some problems of this kind have already been addressed. For example, Diffie-Hellman exponentiation has been implemented with ProVerif, an analyzer based on Horn clauses. Unfortunately, this works only for a finite number of different exponents. Besides exponentiation, however, other algebraic structures are also of interest to cryptography, among them bilinear mappings. The aim of this research was to implement the computation of bilinear mappings with the ProVerif analyzer and to analyze, using the resulting protocol transformer, some protocols that use bilinear mappings.

    Bilinear mappings are quite powerful mathematical structures that can be used in cryptography. They allow constructing cryptographic primitives that would be otherwise ineffective or even impossible. In formal cryptography, the protocols are based on term algebras and process calculi, and can be represented through Horn clauses for analysis purposes. The security of these protocols can be tested with analyzers based on resolution methods. However, there are problems with realization of arithmetic operations. It is easy to compute g^a if the values of both g and a are known, but the values are usually undefined in the protocols. Some research works have been written about the representation of exponentiation in formal model, but there are still many things that should be done. In this work, an attempt to implement an analysis of bilinear mappings in formal cryptography has been done.

    Pairing-based cryptosystems and key agreement protocols.

    For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed.

    Pairing-based cryptosystems and key agreement protocols

    For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed.

    EThOS - Electronic Theses Online Service, GB, United Kingdo