2006, Lecture Notes in Computer Science
The bilinear mapping technique that uses the (Weil and Tate) pairings over elliptic (or hyperelliptic) curves represents a great breakthrough in cryptography. This paper surveys this new trend in cryptography, and emphasizes the design of efficient cryptographic primitives that are provably secure in the standard model (i.e., without the random oracle model).
Declaration I, Noel Michael McCullagh, hereby certify that this material, which I now submit for assessment on the programme of study leading to the award of Ph.D. is entirely my own work and has not been taken from the work of others save and to the extent that such work has been cited and acknowledged within the text of my work.
2004
In Asiacrypt2001, Boneh, Lynn, and Shacham [8] proposed a short signature scheme (BLS scheme) using bilinear pairing on certain elliptic and hyperelliptic curves. Subsequently numerous cryptographic schemes based on BLS signature scheme were proposed. BLS short signature needs a special hash function . This hash function is probabilistic and generally inefficient. In this paper, we propose a new short signature scheme from the bilinear pairings that unlike BLS, uses general cryptographic hash functions such as SHA-1 or MD5, and does not require special hash functions. Furthermore, the scheme requires less pairing operations than BLS scheme and so is more efficient than BLS scheme. We use this signature scheme to construct a ring signature scheme and a new method for delegation. We give the security proofs for the new signature scheme and the ring signature scheme in the random oracle model.
IACR Cryptol. ePrint Arch., 2015
Bilinear maps are popular cryptographic primitives which have been commonly used in various modern cryptographic protocols. However, the cost of computation for bilinear maps is expensive because of their realization using variants of Weil and Tate pairings of elliptic curves. Due to increasing availability of cloud computing services, devices with limited computational resources can outsource this heavy computation to more powerful external servers. Currently, the checkability probability of the most efficient outsourcing algorithm is 1/2 and the overall computation requires 4 point addition in the preimage and 3 multiplications in the image of the bilinear map under the one-malicious version of a two-untrusted-program model. In this paper, we propose two efficient new algorithms which decrease not only the memory requirement but also the overall communication overhead.
2021
Elliptic curve is a set of two variable points on polynomials of degree 3 over a field acted by an addition operation that forms a group structure. The motivation of this study is that the mathematics behind that elliptic curve to the applicability within a cryptosystem. Nowadays, pairings bilinear maps on elliptic curve are popular to construct cryptographic protocol pairings help to transform a discrete logarithm problem on an elliptic curve to the discrete logarithm problem in finite fields. The purpose of this paper is to introduce elliptic curve, bilinear pairings on elliptic curves as based on pairing cryptography. Also this investigation serves as a basis in guiding anyone interested to understand one of the applications of group theory in cryptosystem.
Journal of Cryptology, 2004
Pairing-based cryptosystems rely on the existence of bilinear, nondegenerate, efficiently computable maps (called pairings) over certain groups. Currently, all such pairings used in practice are related to the Tate pairing on elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. In this paper we describe how to construct ordinary (non-supersingular) elliptic curves containing groups with arbitrary embedding degree, and show how to compute the Tate pairing on these groups efficiently.
Most of the previously proposed identity-based multiproxy multisignature (IBMPMS) schemes used pairings in their construction. But pairing is regarded as an expensive cryptographic primitive in terms of complexity. The relative computation cost of a pairing is approximately more than ten times that of the scalar multiplication over an elliptic curve group. So, to reduce running time, we first define a model of a secure MPMS scheme, then propose an IBMPMS scheme without using pairings. We also prove the security of our scheme against chosen message attack in the random oracle model. Our scheme's construction avoids bilinear pairing operations but still provides signature in the ID-based setting and reduces running time heavily. Therefore, the proposed scheme is more applicable than previous schemes in terms of computational efficiency for practical applications.
Lecture Notes in Computer Science
The jacobian of hyperelliptic curves, including elliptic curves as a special case, offers a good primitive for cryptosystems, since cryptosystems (discrete logarithms) based on the jacobians seem to be more intractable than those based on conventional multiplicative groups. In this paper, we show that the problem to determine the group structure of the jacobian can be characterized to be in NP ∩ co-NP, when the jacobian is a nondegenerate type ("non-half-degenerate"). We also show that the hyperelliptic discrete logarithm can be characterized to be in NP ∩ co-NP, when the group structure is non-half-degenerate. Moreover, we imply the reducibility of the hyperelliptic discrete logarithm to a multiplicative discrete logarithm. The extended Weil pairing over the jacobian is the key tool for these algorithms.
IEEE Transactions on Computers, 2000
Hyperelliptic curves (HEC) look promising for cryptographic applications, because of their short operand size compared to other public-key schemes. The operand sizes seem well suited for small processor architectures, where memory and speed are constrained. However, the group operation has been believed to be too complex and, thus, HEC have not been used in this context so far. In recent years, a lot of effort has been made to speed up group operation of genus-2 HEC. In this paper, we increase the efficiency of the genus-2 and genus-3 hyperelliptic curve cryptosystems (HECC). For certain genus-3 curves, we can gain almost 80 percent performance for a group doubling. This work not only improves Gaudry and Harley's algorithm [1], but also improves the original algorithm introduced by Cantor [2]. Contrary to common belief, we show that it is also practical for certain curves to use Cantor's algorithm to obtain the highest efficiency for the group operation. In addition, we introduce a general reduction method for polynomials according to Karatsuba. We implemented our most efficient group operations on Pentium and ARM microprocessors.
2018
Digital signature is one of the most important cryptographic primitives and has many practical applications in the real world. In many signature schemes, messages are to be transmitted together with the signature, and thus these schemes require a large communication cost, for which reason they may not be usable efficiently in some resource-constrained devices such as WSNs, mobile phones, etc., where less computation and low bandwidth for communication are of great concern. In this paper, we design and analyze a new signature scheme with message recovery in the identity-based setting using bilinear pairings over elliptic curves. We discuss the proof of correctness and the security of the proposed scheme. Finally, we compare our scheme with the related schemes from the computational and communication points of view.
2018
We give an (up-to-date) overview of existing encoding and hash functions into (hyper)elliptic curves. We also design an indifferentiable hash function into the Jacobian of certain families of hyperelliptic curves of genus g ≤ 5 using the unified formulas of Seck and Diarra (AFRICACRYPT-2018).
Discrete Mathematics and Its Applications, 2005
Background on p-adic Numbers. David Lubicz. Contents in Brief: 3.1 Definition of Qp and first properties; 3.2 Complete discrete valuation rings and fields (First properties • Lifting a solution of a polynomial equation); 3.3 The field Qp and its extensions (Unramified extensions • Totally ramified extensions • Multiplicative system of representatives • Witt vectors)
Int. J. Netw. Secur., 2019
Currently, short signature is receiving significant attention since it is particularly useful in communication with low-bandwidth as the size of the generated signature is shorter than other conventional signature schemes. In this paper, a new short signature scheme is proposed based on bilinear pairing over elliptic curve. The proposed scheme is efficient as it takes lesser number of cost effective pairing operations than the BLS signature scheme. Moreover, the proposed scheme does not require any special kind of hash function such as Map-To-Point hash function. The efficiency comparison of the proposed scheme with other similar established short signature schemes is also done. The security analysis of our scheme is done in the random oracle model under the hardness assumptions of a modified k-CAA problem, a variant of the original k-CAA problem. In this paper, we also provide an implementation result of the proposed scheme.
2004
Bilinear pairings such as the Weil pairing or Tate pairing on elliptic and hyperelliptic curves have recently found applications in the design of cryptographic protocols. In this survey, we have tried to cover different cryptographic protocols based on bilinear pairings which possess, to the best of our knowledge, proper security proofs in the existing security models.
2005
This report contains an overview of two related areas of research in cryptography which have been prolific in significant advances in recent years. The first of these areas is pairing based cryptography. Bilinear pairings over elliptic curves were initially used as formal mathematical tools and later as cryptanalysis tools that rendered supersingular curves insecure. In recent years, bilinear pairings have been used to construct many cryptographic schemes. The second area covered by this report is identity based cryptography.
Information Security Theory and Practice, 2018
With the rapid advancements in innovative technologies like cloud computing, internet of things, and mobile computing, the paradigm to delegate the heavy computational tasks from trusted and resource-constrained devices to potentially untrusted and more powerful services has gained a lot of attention. Ensuring the verifiability of the outsourced computation along with the security and privacy requirements is an active research area. Several cryptographic protocols have been proposed by using pairing-based cryptographic techniques based on bilinear maps of suitable elliptic curves. However, the computational overhead of bilinear maps forms the most expensive part of those protocols. In this paper, we propose a new 1-checkable algorithm under the one-malicious version of a two-untrusted-program model. Our solution is approximately twice as efficient as the single comparably efficient 1-checkable solution in the literature, and requires only 4 elliptic curve point additions in the preimage and 6 field multiplications in the image of the bilinear map.
HAL (Le Centre pour la Communication Scientifique Directe), 2022
Identity Based Encryption is an approach to link the public key to an identity. It is an extremely useful asymmetric cryptography type in which public and private keys are computed from a known identifier such as an email address instead of being generated randomly. This allows more flexibility in managing ad-hoc public key encryption and ensuring secure communications. The aim of this work is to improve IBE scheme using the bilinear Tate pairing on genus two curves with ordinary Jacobian over large prime fields. We present a full description of functional IBE scheme using the optimization of the Tate pairing computations. The proposed application answers a question of Boneh and Franklin [2] about the possibility of using the Tate pairing in IBE schemes and represents the first IBE exploiting pairings in genus two. We provide a full description of a functional IBE scheme using the optimization of the Tate pairing computations.
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
2015
In this paper, we explore the pairing-based cryptography on elliptic curve. The security of protocols using composite order bilinear pairing on elliptic curve depends on the difficulty of factoring the number N. Here, we show how to construct composite ordinary pairing-friendly elliptic curve having the subgroup of composite order N by using Cocks-Pinch Method. We also introduce dual system encryption to transform Identity-Based Encryption (IBE) scheme built over prime-order bilinear, to composite order bilinear groups. The new Identity-Based Encryption (IBE) is secured since it uses the Dual System Encryption methodology which guaranteed full security of the new IBE system.
Applied Cryptography and Network Security, 2020
Many public-key cryptosystems and, more generally, cryptographic protocols, use pairings as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client delegates such primitive operations to a computationally stronger server. Important requirements for such delegation protocols include privacy of the client's pairing inputs and security of the client's output, in the sense of detecting, except for very small probability, any malicious server's attempt to convince the client of an incorrect pairing result. In this paper we show that the computation of bilinear pairings in all known pairing-based cryptographic protocols can be efficiently, privately and securely delegated to a single, possibly malicious, server. Our techniques provide efficiency improvements over past work in all input scenarios, regardless of whether inputs are available to the parties in an offline phase or only in the online phase, and of whether they are public or have privacy requirements. The client's online runtime improvement is, for some of our protocols, almost 1 order of magnitude, no matter which practical elliptic curve, among recently recommended ones, is used for the pairing realization.
Finite Fields and Their Applications, 2005
Algebraic curves over finite fields are being extensively used in the design of public-key cryptographic schemes. This paper surveys some topics in algebraic curve cryptography, with an emphasis on recent developments in algorithms for the elliptic and hyperelliptic curve discrete logarithm problems, and computational problems in pairing-based cryptography.