46,411 research outputs found
Twisted Ate Pairing on Hyperelliptic Curves and Applications
In this paper we show that the twisted Ate pairing on elliptic curves can be generalized to hyperelliptic curves, we also give a series of variations of the hyperelliptic Ate and twisted Ate pairings. Using the hyperelliptic Ate pairing and twisted Ate
pairing, we propose a new approach to speed up the Weil pairing computation, and obtain an interested result: For some hyperelliptic curves with high degree twist, using this approach to compute Weil pairing will be faster than Tate pairing, Ate pairing etc. all known pairings
Optimal Pairings on BN Curves
Bilinear pairings are being used in ingenious ways to solve various protocol problems. Much research has been done on improving the efficiency of pairing computations. This thesis gives an introduction to the Tate pairing and some variants including the ate pairing, Vercauteren's pairing, and the R-ate pairing. We describe the Barreto-Naehrig (BN) family of pairing-friendly curves, and analyze three different coordinates systems (affine, projective, and jacobian) for implementing the R-ate pairing. Finally, we examine some recent work for speeding the pairing computation and provide improved estimates of the pairing costs on a particular BN curve
Developing an Automatic Generation Tool for Cryptographic Pairing Functions
Pairing-Based Cryptography is receiving steadily more attention from industry, mainly
because of the increasing interest in Identity-Based protocols. Although there are plenty of
applications, efficiently implementing the pairing functions is often difficult as it requires
more knowledge than previous cryptographic primitives. The author presents a tool for
automatically generating optimized code for the pairing functions which can be used in the
construction of such cryptographic protocols.
In the following pages I present my work done on the construction of pairing function
code, its optimizations and how their construction can be automated to ease the work of the
protocol implementer.
Based on the user requirements and the security level, the created cryptographic compiler
chooses and constructs the appropriate elliptic curve. It identifies the supported pairing
function: the Tate, ate, R-ate or pairing lattice/optimal pairing, and its optimized parameters.
Using artificial intelligence algorithms, it generates optimized code for the final exponentiation
and for hashing a point to the required group using the parametrisation of the
chosen family of curves.
Support for several multi-precision libraries has been incorporated: Magma, MIRACL
and RELIC are already included, but more are possible
Differential Power Analysis against the Miller Algorithm
Article en cours de publicationPairings permit several protocol simplications and original scheme creation, for example Identity Based Cryptography protocols. Initially, the use of pairings did not involve any secret entry, consequently, side channel attacks were not a threat for pairing based cryptography. On the contrary, in an Identity Based Cryptographic protocol, one of the two entries to the pairing is secret. Side Channel Attacks can be therefore applied to nd this secret. We realize a Differential Power Analysis(DPA) against the Miller algorithm, the central step to compute the Weil, Tate and Ate pairing. Keywords: Pairing, Miller Algorithm, Pairing Based Cryptography, SCA, DPA
Novel Area-Efficient and Flexible Architectures for Optimal Ate Pairing on FPGA
While FPGA is a suitable platform for implementing cryptographic algorithms,
there are several challenges associated with implementing Optimal Ate pairing
on FPGA, such as security, limited computing resources, and high power
consumption. To overcome these issues, this study introduces three approaches
that can execute the optimal Ate pairing on Barreto-Naehrig curves using
Jacobean coordinates with the goal of reaching 128-bit security on the Genesys
board. The first approach is a pure software implementation utilizing the
MicroBlaze processor. The second involves a combination of software and
hardware, with key operations in and being transformed into
IP cores for the MicroBlaze. The third approach builds on the second by
incorporating parallelism to improve the pairing process. The utilization of
multiple MicroBlaze processors within a single system offers both versatility
and parallelism to speed up pairing calculations. A variety of methods and
parameters are used to optimize the pairing computation, including Montgomery
modular multiplication, the Karatsuba method, Jacobean coordinates, the Complex
squaring method, sparse multiplication, squaring in , and
the addition chain method. The proposed systems are designed to efficiently
utilize limited resources in restricted environments, while still completing
tasks in a timely manner.Comment: 13 pages, 8 figures, and 5 table
Fixed Argument Pairing Inversion on Elliptic Curves
Let be an elliptic curve over a finite field with a power of prime , a prime dividing , and the smallest positive integer satisfying , called embedding degree. Then a bilinear map is defined, called the Tate pairing. And the Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power.
In this paper we consider the {\em Fixed Argument Pairing Inversion (FAPI)} problem for the Tate pairing and its variants. In 2012, considering FAPI for the Ate pairing, Kanayama and Okamoto formulated the {\em Exponentiation Inversion (EI)} problem. However the definition gives a somewhat vague description of the hardness of EI. We point out that the described EI can be easily solved, and hence clarify the description so that the problem does contain the actual hardness connection with the prescribed domain for given pairings.
Next we show that inverting the Ate pairing (including other variants of the Tate pairing) defined on the smaller domain is neither easier nor harder than inverting the Tate pairing defined on the lager domain. This is very interesting because it is commonly believed that the structure of the Ate pairing is so simple and good (that is, the Miller length is short, the solution domain is small and has an algebraic structure induced from the Frobenius map) that it may leak some information, thus there would be a chance for attackers to find further approach to solve FAPI for the Ate pairing, differently from the Tate pairing
Speeding up Ate Pairing Computation in Affine Coordinates
At Pairing 2010, Lauter et al\u27s analysis showed that Ate pairing computation in affine coordinates may be much faster than projective coordinates at high security levels. In this paper, we further investigate techniques to speed up Ate pairing computation in affine coordinates.
On the one hand, we improve Ate pairing computation over elliptic curves admitting an even twist by describing an -ary Miller algorithm in affine coordinates. This technique allows us to trade one multiplication in the full extension field and one field inversion for several multiplications in a smaller field. On the other hand, we investigate pairing computations over elliptic curves admitting a twist of degree . We propose new fast explicit formulas for Miller function that are comparable to formulas over even twisted curves. We further analyze pairing computation on cubic twisted curves by proposing efficient subfamilies of pairing-friendly elliptic curves with embedding degrees , and . These subfamilies allow us not only to obtain a very simple form of curve, but also lead to an efficient arithmetic and final exponentiation
Lazy Random Walk Efficient for Pollard’s Rho Method Attacking on G3 over Barreto-Naehrig Curve (Corrected)
Pairing–based cryptosystems are well implemented with Ate–type pairing over Barreto–Naehrig (BN)
curve. Then, for instance, their securities depend on the difficulty of Discrete Logarithm Problem (DLP)
on the so–denoted G3 over BN curve. This paper, in order to faster solve the DLP, first proposes to
utilize Gauss period Normal Basis (GNB) for Pollard’s rho method, and then considers to accelerate the
solving by an adoption of lazy random walk, namely tag tracing technique proposed by Cheon et al
Cryptographic Pairings Based on Elliptic Nets
In 2007, Stange proposed a novel method of computing the Tate pairing on an elliptic curve over a finite field.
This method is based on elliptic nets,
which are maps from to a ring that satisfy a certain recurrence relation.
In this paper, we explicitly give formulae for computing some variants
of the Tate pairing:
Ate, Ate, R-Ate and Optimal pairings, based on elliptic nets.
We also discuss their efficiency by using some experimental results
x-Superoptimal Pairings on some Elliptic Curves with Odd Prime Embedding Degrees
The choice of the elliptic curve for a given pairing based protocol
is primordial. For many cryptosystems based on pairings such as group signatures and their variants (EPID, anonymous
attestation, etc) or accumulators, operations in the first pairing group of points of the elliptic curve is more predominant. At -bit security level two curves and with odd embedding degrees and suitable for super optimal pairing have been recommended for such pairing based protocols . But a prime embedding degree () eliminates some important optimisation for the pairing computation. However The Miller loop length of the superoptimal pairing is the half of that of the optimal ate pairing but involve more exponentiations that affect its efficiency. In this work, we successfully develop methods and construct algorithms
to efficiently evaluate and avoid heavy exponentiations that affect the efficiency of the superoptimal pairing. This leads to the definition of new bilinear and non degenerate pairing on and called -superoptimal pairing wchich is about and faster than the optimal
ate pairing previousely computed on and respectively
- …