Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a wide variety of novel applications, including ones in emerging technologies such as cloud computing, the internet of things (IoT), e-health systems and wearable technologies. There has, however, been a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or far too inefficient designs of pairing-based protocols. We observed that one reason is a lack of awareness of recent advances in solving the discrete logarithm problem in some of the groups involved. The main purpose of this article is to give understandable, informative, and up-to-date criteria for the correct use of pairing-based cryptography. We therefore deliberately avoid most of the technical details and instead emphasize the importance of using bilinear maps correctly when realizing secure cryptographic protocols. We list a collection of recent papers with wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings.
Comment: 25 pages
Construction of Arithmetic Secret Sharing Schemes by Using Torsion Limits
Recent results of Cascudo, Cramer, and Xing on the construction of arithmetic secret sharing schemes are improved by using some new bounds on the torsion limits of algebraic function fields. Furthermore, new bounds on the torsion limits of certain towers of function fields are given.
Secure Delegation of Isogeny Computations and Cryptographic Applications
We address the problem of speeding up isogeny computation for supersingular elliptic curves over finite fields using untrusted computational resources such as third-party servers or cloud service providers (CSPs). We first propose new, efficient and secure delegation schemes. This especially enables resource-constrained devices (e.g. smart cards, RFID tags, tiny sensor nodes) to deploy post-quantum isogeny-based cryptographic protocols effectively. To the best of our knowledge, these new schemes are the first attempt to generalize the classical secure delegation schemes for group exponentiations and pairing computation to an isogeny-based post-quantum setting. Then, we apply these secure delegation subroutines to improve the performance of supersingular isogeny-based zero-knowledge proofs of identity. Our experimental results show that, at the 128-bit quantum-security level, the proving party only needs about 3% of the original protocol cost, while the verifying party's effort is fully reduced to comparison operations. Lastly, we also apply our delegation schemes to decrease the computational cost of the decryption step for the NIST post-quantum standardization candidate SIKE.
Fully Verifiable Secure Delegation of Pairing Computation: Cryptanalysis and An Efficient Construction
We address the problem of secure and verifiable delegation of general pairing computation. We first analyze some recently proposed pairing delegation schemes and present several attacks on their security and/or verifiability properties. In particular, we show that none of these achieve the claimed security and verifiability properties simultaneously. We then provide a fully verifiable secure delegation scheme under one-malicious version of a two-untrusted-program model (OMTUP). not only significantly improves the efficiency of all the previous schemes, such as fully verifiable schemes of Chevallier-Mames et al. and Canard et al. by eliminating the impractical exponentiation- and scalar-multiplication-consuming steps, but also offers for the first time the desired full verifiability property unlike other practical schemes. Furthermore, we give a more efficient and less memory consuming invocation of the subroutine for by eliminating the requirement of offline computations of modular exponentiations and scalar-multiplications. In particular, includes a fully verifiable partial delegation under the OMTUP assumption. The partial delegation of distinguishes as a useful lightweight delegation scheme when the delegator is resource-constrained (e.g. RFID tags, smart cards or sensor nodes)
An Efficient ID-Based Message Recoverable Privacy-Preserving Auditing Scheme
One of the most important benefits of public cloud storage is the outsourcing of management and maintenance, with easy accessibility and retrievability over the internet. However, outsourcing data to the cloud brings new challenges such as integrity verification and data privacy. More concretely, once users outsource their data to the cloud they no longer have physical control over it, which raises the problem of integrity protection. Hence, it is crucial to guarantee proofs of data storage and integrity for the outsourced data. Several pairing-based auditing solutions have been proposed that utilize Boneh-Lynn-Shacham (BLS) short signatures; these essentially provide the desirable non-repudiation property efficiently. In this work, we propose the first ID-based privacy-preserving public auditing scheme with message recoverable signatures. Because the auditing scheme is message recoverable, the message itself is implicitly included in the verification step, which was not possible in previously proposed auditing schemes. Furthermore, we point out that the algorithm suites of existing schemes are either insecure or very inefficient due to the choice of the underlying bilinear map and its baseline parameter selection. We show that our scheme is more efficient than the recently proposed auditing schemes based on BLS-like short signatures.
Efficient and Verifiable Algorithms for Secure Outsourcing of Cryptographic Computations
Reducing the computational cost of cryptographic computations for resource-constrained devices is an active research area. One of the practical solutions is to securely outsource the computations to an external and more powerful cloud server. Modular exponentiations are the most expensive computations from the cryptographic point of view. Therefore, outsourcing modular exponentiations to a single, external and potentially untrusted cloud server while ensuring security and privacy provides an efficient solution. In this paper, we propose new efficient outsourcing algorithms for modular exponentiations using only one untrusted cloud server. These algorithms cover public-base & private-exponent, private-base & public-exponent, private-base & private-exponent, and more generally simultaneous private-base & private-exponent modular exponentiations. Our algorithms are the most efficient solutions utilizing only one single untrusted server, with the best checkability probabilities. Furthermore, unlike existing schemes, which have a fixed checkability probability, our algorithms provide adjustable predetermined checkability parameters. Finally, we apply our algorithms to outsource Oblivious Transfer protocols and Blind Signatures, which are expensive primitives in modern cryptography.
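As an added illustration of the checkability idea this abstract refers to (example code written for this page, not the paper's own algorithms, whose details are not reproduced here), the following Python models a client that outsources private-base, public-exponent modular exponentiations to one untrusted server using textbook multiplicative blinding plus known-answer test queries. The number of test queries t is the adjustable checkability parameter; the modulus P, the exponent, the simulated servers and the offline-precomputed blinding pairs are all assumptions constructed for the demonstration.

```python
"""Added example: single-server outsourcing of modular exponentiation with an
adjustable checkability parameter.  Textbook blinding + known-answer test
queries; NOT the paper's algorithms.  Every parameter below is constructed
for the demo (the modulus is far too small for real use)."""
from __future__ import annotations

import math
import random
from dataclasses import dataclass

P = 2**61 - 1  # toy prime modulus (assumption: demo only)


@dataclass
class BlindingPair:
    r: int          # random blinding factor in Z_P^*
    r_pow_e: int    # r^e mod P, prepared offline by the client


@dataclass
class Session:
    queries: list[int]                               # what the server sees, shuffled
    real_slots: dict[int, tuple[int, BlindingPair]]  # slot -> (index of base, its pair)
    test_slots: dict[int, BlindingPair]              # slot -> known-answer test query


def precompute_pairs(e: int, count: int, rng: random.Random) -> list[BlindingPair]:
    """Offline phase (assumption): the client prepares (r, r^e) pairs itself."""
    return [BlindingPair(r, pow(r, e, P))
            for r in (rng.randrange(2, P - 1) for _ in range(count))]


def prepare_queries(bases: list[int], e: int, pool: list[BlindingPair],
                    t: int, rng: random.Random) -> Session:
    """Blind each private base u as u*r mod P and mix in t test queries r_j whose
    answers r_j^e the client already knows.  Both u*r and r_j are uniform in
    Z_P^*, so the server cannot tell real slots from test slots."""
    n = len(bases)
    if len(pool) < n + t:
        raise ValueError("not enough precomputed pairs")
    items: list[tuple[str, int, int, BlindingPair]] = []
    for i, (u, pair) in enumerate(zip(bases, pool[:n])):
        items.append(("real", i, u * pair.r % P, pair))
    for pair in pool[n:n + t]:
        items.append(("test", -1, pair.r, pair))
    rng.shuffle(items)
    session = Session([q for _, _, q, _ in items], {}, {})
    for slot, (kind, i, _, pair) in enumerate(items):
        if kind == "real":
            session.real_slots[slot] = (i, pair)
        else:
            session.test_slots[slot] = pair
    return session


def honest_server(queries: list[int], e: int) -> list[int]:
    return [pow(q, e, P) for q in queries]


def lazy_server(queries: list[int], e: int, rng: random.Random) -> list[int]:
    """Malicious server: answers one randomly chosen slot with garbage."""
    out = honest_server(queries, e)
    slot = rng.randrange(len(out))
    out[slot] = (out[slot] + 1) % P
    return out


def recover(session: Session, responses: list[int]) -> list[int] | None:
    """Check every test slot; on success unblind u^e = (u*r)^e * (r^e)^-1 mod P.
    Returns None when a wrong test answer exposes the server as cheating."""
    for slot, pair in session.test_slots.items():
        if responses[slot] != pair.r_pow_e:
            return None
    results = [0] * len(session.real_slots)
    for slot, (i, pair) in session.real_slots.items():
        results[i] = responses[slot] * pow(pair.r_pow_e, -1, P) % P
    return results


def checkability(n: int, t: int, k: int = 1) -> float:
    """Probability that a server corrupting k of the n+t responses at positions it
    cannot distinguish hits at least one test slot: 1 - C(n,k)/C(n+t,k)."""
    return 1.0 - math.comb(n, k) / math.comb(n + t, k)


def honest_roundtrip(n: int = 3, t: int = 2, seed: int = 7) -> bool:
    """Builds a session and checks that an honest server's answers unblind to u^e."""
    rng = random.Random(seed)
    e = 65537
    bases = [rng.randrange(2, P - 1) for _ in range(n)]
    session = prepare_queries(bases, e, precompute_pairs(e, n + t, rng), t, rng)
    return recover(session, honest_server(session.queries, e)) == [pow(u, e, P) for u in bases]


def simulate(n: int = 4, t: int = 4, trials: int = 2000, seed: int = 1) -> tuple[float, float]:
    """Returns (empirical detection rate against lazy_server, analytic checkability)."""
    rng = random.Random(seed)
    e = 65537
    bases = [rng.randrange(2, P - 1) for _ in range(n)]
    session = prepare_queries(bases, e, precompute_pairs(e, n + t, rng), t, rng)
    caught = sum(recover(session, lazy_server(session.queries, e, rng)) is None
                 for _ in range(trials))
    return caught / trials, checkability(n, t)


if __name__ == "__main__":
    print(simulate())
```

Raising t raises the detection probability 1 - C(n,k)/C(n+t,k) at the price of t extra server queries and t extra precomputed pairs, which is the trade-off a "checkability parameter" controls. The example only hides the base; hiding a private exponent from a single server needs different blinding, and the offline preparation of (r, r^e) pairs is exactly the cost that the schemes discussed on this page aim to reduce.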
On the construction of algebraic curves with complex multiplication
Let be an imaginary quadratic number field and be the order of with conductor and discriminant . Using the theory of complex multiplication we show that the singular value of the quotient of certain theta functions generates the ring class field modulo over . This allows a faster construction of the class polynomials of these ring class fields than the construction via the classical quotients of the Dedekind function. Furthermore, we prove that the generalised quotients can be expressed through quotients of theta constants (Thetanullwerte). These representations can likewise be used to construct the class polynomials more efficiently. In the case that satisfies certain congruence conditions, we prove that these singular values are units in the corresponding ring class fields. This property is used to compute the unit groups of such ring class fields from the roots of the class polynomials, which are determined explicitly during their construction. Let be a simple principally polarised abelian surface of primitive CM type with [K:Q] = 4. We extend the CM construction of hyperelliptic curves of genus two over finite fields, via a condition on the Steinitz class, to all primitive CM fields. Using Shimura's two-dimensional reciprocity law, the theory of complex multiplication of abelian varieties, and an arithmetic of Siegel modular functions of level , gcd(2, N) = 1, we generalise the procedure which, in the case of elliptic curves, tests whether a singular value of an arithmetic modular function generates the ring class field to simple abelian varieties. This yields an algorithm which tests whether a system of values of Siegel modular functions and of level with generates the unramified abelian extension of the reflex field of given by the first main theorem of complex multiplication. Finally, some examples of class polynomials are given together with the subgroups of the unit groups of the corresponding ring class fields, which we compute with the help of singular values of the quotients of theta constants.