Pairings in Cryptology: efficiency, security and applications

Abstract The study of pairings can be considered in so many di�erent ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; e�ciency and security. Starting from the basic underlying mathematics, pairing maps are con- structed and a major security issue related to the question of the minimal embedding �eld [12]1 is resolved. This is followed by an exposition on how to compute e�ciently the �nal exponentiation occurring in the calculation of a pairing [124]2 and a thorough survey on the security of the discrete log- arithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being ful�lled an identity based encryption scheme taking advantage of pairings [24]3 is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although �rst pre- sented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications

Fast hashing to G2 on pairing friendly curves

When using pairing-friendly ordinary elliptic curves over prime fields to implement identity-based protocols, there is often a need to hash identities to points on one or both of the two elliptic curve groups of prime order $r$ involved in the pairing. Of these $G_1$ is a group of points on the base field E(\F_p) and $G_2$ is instantiated as a group of points with coordinates on some extension field, over a twisted curve E\u27(\F_{p^d}), where $d$ divides the embedding degree $k$. While hashing to $G_1$ is relatively easy, hashing to $G_2$ has been less considered, and is regarded as likely to be more expensive as it appears to require a multiplication by a large cofactor. In this paper we introduce a fast method for this cofactor multiplication on $G_2$ which exploits an efficiently computable homomorphism

On the final exponentiation for calculating pairings on ordinary elliptic curves

When using pairing-friendly ordinary elliptic curves to compute the Tate and related pairings, the computation consists of two main components, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of ``truncated loop\u27\u27 pairings like the R-ate pairing), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing friendly elliptic curves to reduce the computation required for the final exponentiation to a minimum

A note on the practical complexity of the NFS in the medium prime case: Smoothness of Norms

During an ongoing examination of the behaviour, in practice, of the Number Field Sieve (NFS) in the medium prime case we have noticed numerous interesting patterns. In this paper we present findings on run-time observations of an aspect of the sieving stage. The contributions of these observations to the computational mathematics community are twofold: firstly, they bring us a step closer to understanding the true practical effectiveness of the algorithm and secondly, they enabled the development of a test for the effectiveness of the polynomials used in the NFS. The results of this work are of particular interest to cryptographers: the run-time of the NFS determines directly the security level of some discrete logarithm problem based protocols, such as those arising in pairing-based cryptography

Domain of functional affectation and profile of children with special needs in the 2nd and 3rd district of Cavite (Research Locale Set F)

Descriptive-survey design was used in this research. The total summation of CWD included in the research was 113 CWD in Bacoor and 96 CWD in Imus. The research instrument used is survey questionnaires. Data was analyzed using frequency table, percentage, and mean. The top three (3) domains of functional affectation in Bacoor were speech, language and communication domain, self-help/adaptive domain and cognitive/perceptual domain. In Imus, the top three (3) were speech, language and communication domain, cognitive/perceptual domain and self-help/adaptive domain. The most prevalent age group of CSN in Bacoor and Imus was 12-18 years old. There were more male CSN than females. Barangay Habay I presented with the largest population of CSN in Bacoor while Bucandala 3 in Imus. In both Bacoor and Imus, financial constraint was the most common reason of not receiving, seeking and sustaining educational, medical and rehabilitative services. However, most of the CWD received non-monetary support which primarily provided by their parents

Increased bone density in sclerosteosis is due to the deficiency of a novel secreted protein (SOST)

Sclerosteosis is a progressive sclerosing bone dysplasia with an autosomal recessive mode of inheritance. Radiologically, it is characterized by a generalized hyperostosis and sclerosis leading to a markedly thickened and sclerotic skull, with mandible, ribs, clavicles and all long bones also being affected. Due to narrowing of the foramina of the cranial nerves, facial nerve palsy, hearing loss and atrophy of the optic nerves can occur. Sclerosteosis is clinically and radiologically very similar to van Buchem disease, mainly differentiated by hand malformations and a large stature in sclerosteosis patients. By linkage analysis in one extended van Buchem family and two consanguineous sclerosteosis families we previously mapped both disease genes to the same chromosomal 17q12-q21 region, supporting the hypothesis that both conditions are caused by mutations in the same gene. After reducing the disease critical region to ~1 Mb, we used the positional cloning strategy to identify the SOST gene, which is mutated in sclerosteosis patients. This new gene encodes a protein with a signal peptide for secretion and a cysteine-knot motif. Two nonsense mutations and one splice site mutation were identified in sclerosteosis patients, but no mutations were found in a fourth sclerosteosis patient nor in the patients from the van Buchem family. As the three disease-causing mutations lead to loss of function of the SOST protein resulting in the formation of massive amounts of normal bone throughout life, the physiological role of SOST is most likely the suppression of bone formation. Therefore, this gene might become an important tool in the development of therapeutic strategies for osteoporosi