Cryptographic Pairings: Efficiency and DLP security
This thesis studies two important aspects of the use of pairings in cryptography: efficient
algorithms and security.
Pairings are very useful tools in cryptography: originally used for the cryptanalysis of
elliptic curve cryptography, they are now used in key exchange protocols, signature schemes
and identity-based cryptography.
This thesis comprises two parts: Security and Efficient Algorithms.
In Part I: Security, the security of pairing-based protocols is considered, with a thorough
examination of the Discrete Logarithm Problem (DLP) as it occurs in pairing-based cryptography (PBC). Results on the
relationship between the two instances of the DLP will be presented along with a discussion
about the appropriate selection of parameters to ensure a particular security level.
In Part II: Efficient Algorithms, some of the computational issues which arise when using
pairings in cryptography are addressed. Pairings can be computationally expensive, so
the Pairing-Based Cryptography (PBC) research community is constantly striving to find
computational improvements for all aspects of protocols using pairings. The improvements
given in this section contribute towards more efficient methods for the computation of pairings,
and increase the efficiency of operations necessary in some pairing-based protocols.
Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
We illustrate a vulnerability introduced to elliptic curve cryptographic protocols when implemented using a function of the OpenSSL cryptographic library. For the given implementation using an elliptic curve E over a binary field with a point $G \in E$, our attack recovers the majority of the bits of a scalar k when kG is computed using the OpenSSL implementation of the Montgomery ladder. For the Elliptic Curve Digital Signature Algorithm (ECDSA) the scalar k is intended to remain secret. Our attack recovers the scalar k and thus the secret key of the signer and would therefore allow unlimited forgeries. This is possible from snooping on only one signing process and requires computation of less than one second on a quad core desktop when the scalar k (and secret key) is around 571 bits.
Fast hashing to G2 on pairing friendly curves
When using pairing-friendly ordinary elliptic curves over prime fields to implement identity-based protocols, there is often a need to hash identities to points on one or both of the two elliptic curve groups of prime order involved in the pairing. Of these is a group of points on the base field $E(\mathbb{F}_p)$ and is instantiated as a group of points with coordinates on some extension field, over a twisted curve $E'(\mathbb{F}_{p^d})$, where divides the embedding degree . While hashing to is relatively easy, hashing to has been less considered, and is regarded as likely to be more expensive as it appears to require a multiplication by a large cofactor. In this paper we introduce a fast method for this cofactor multiplication on which exploits an efficiently computable homomorphism.
On the final exponentiation for calculating pairings on ordinary elliptic curves
When using pairing-friendly ordinary elliptic curves to compute the Tate and related pairings, the computation consists of two main components, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of
"truncated loop" pairings like the R-ate pairing), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing friendly elliptic curves to reduce the computation required for the final exponentiation to a minimum.
Seasonal climate summary for the southern hemisphere (summer 2019–20): a summer of extremes
This is a summary of the southern hemisphere atmospheric circulation patterns and meteorological indices for summer 2019–20; an account of seasonal rainfall and temperature for the Australian region is also provided. The antecedent climate conditions and climatic drivers for summer 2019–20 resulted in unprecedented extremes for Australia, with many heat and fire weather extremes. The austral summer of 2019–20 was staged to be hot and dry, with climate drivers supporting higher than average temperatures and lower than average rainfall. These conditions contributed to the highest recorded monthly accumulated national Forest Fire Danger Index. As the dominant climate influence for December receded during the season, dynamic (weather) processes dominated for changeable conditions, particularly in the mid-latitudes. Both January and February were among the 10 hottest on record, although several mid-latitude sites experienced unusually cool days. Across the rest of the hemisphere, conditions were also extreme, with notable drought conditions persisting from spring over large parts of South America. Temperature anomalies for land and ocean areas of the southern hemisphere were respectively the third and second highest on record.
Constructing Tower Extensions for the implementation of Pairing-Based Cryptography
A cryptographic pairing evaluates as an element in an extension field, and the evaluation itself involves a considerable
amount of extension field arithmetic. It is recognised that organising the extension field as a "tower" of subfield extensions has many
advantages. Here we consider criteria that apply when choosing the best towering construction, and the associated choice of
irreducible polynomials for the implementation of pairing-based cryptosystems. We introduce a method for automatically constructing efficient towers
for more congruency classes than previous methods, some of which allow faster arithmetic.
A note on the practical complexity of the NFS in the medium prime case: Smoothness of Norms
During an ongoing examination of the behaviour, in practice, of the Number Field Sieve (NFS) in the medium prime case we have noticed numerous interesting patterns. In this paper we present findings on run-time observations of an aspect of the sieving stage. The contributions of these observations to the computational mathematics community are twofold: firstly, they bring us a step closer to understanding the true practical effectiveness of the algorithm and secondly, they enabled the development of a test for the effectiveness of the polynomials used in the NFS. The results of this work are of particular interest to cryptographers: the run-time of the NFS determines directly the security level of some discrete logarithm problem based protocols, such as those arising in pairing-based cryptography.