Results 1-10 of 46
Efficient Pairing Computation on Supersingular Abelian Varieties
Designs, Codes and Cryptography, 2004
Cited by 176 (25 self)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
Pairing-Based Cryptography at High Security Levels
Proceedings of Cryptography and Coding 2005, volume 3796 of LNCS, 2005
Cited by 92 (3 self)
Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identity-based encryption. At the same time, the security standards for public key cryptosystems are expected to increase, so that in the future they will be capable of providing security equivalent to 128-, 192-, or 256-bit AES keys. In this paper we examine the implications of heightened security needs for pairing-based cryptosystems. We first describe three different reasons why high-security users might have concerns about the long-term viability of these systems. However, in our view none of the risks inherent in pairing-based systems are sufficiently serious to warrant pulling them from the shelves. We next discuss two families of elliptic curves E for use in pairing-based cryptosystems. The first has the property that the pairing takes values in the prime field $\mathbb{F}_p$ over which the curve is defined; the second family consists of supersingular curves with embedding degree k = 2. Finally, we examine the efficiency of the Weil pairing as opposed to the Tate pairing and compare a range of choices of embedding degree k, including k = 1 and k = 24. Let E be the elliptic curve 1.
A New Two-Party Identity-Based Authenticated Key Agreement
In proceedings of CT-RSA 2005, LNCS 3376, 2004
Cited by 61 (0 self)
We present a new two-party identity-based key agreement that is more efficient than previously proposed schemes. It is inspired on a new identity-based key pair derivation algorithm first proposed by Sakai and Kasahara. We show how this key agreement can be used in either escrowed or escrowless mode. We also describe conditions under which users of different Key Generation Centres can agree on a shared secret key. We give an overview of existing two-party key agreement protocols, and compare our new scheme with existing ones in terms of computational cost and storage requirements.
Aggregated path authentication for efficient BGP security
In ACM Conference on Computer and Communication Security (CCS), 2005
Cited by 42 (1 self)
The Border Gateway Protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we design aggregated path authentication schemes by combining two efficient cryptographic techniques: signature amortization and aggregate signatures. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP's path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security. Categories and Subject Descriptors C.2.0 [Computer-communication networks]: General-security and
Security Proof of Sakai-Kasahara's Identity-Based Encryption Scheme
In Proceedings of Cryptography and Coding 2005, LNCS 3706, 2005
Cited by 31 (5 self)
Identity-based encryption (IBE) is a special asymmetric encryption method where a public encryption key can be an arbitrary identifier and the corresponding private decryption key is created by binding the identifier with a system's master secret. In 2003 Sakai and Kasahara proposed a new IBE scheme, which has the potential to improve performance.
High Security Pairing-Based Cryptography Revisited
In Algorithmic Number Theory Symposium – ANTS VII, Springer-Verlag LNCS XXXX, XXXX–XXXX, 2006
Cited by 31 (5 self)
The security and performance of pairing based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We re-examine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.
Efficient hardware for the Tate pairing calculation in characteristic three
In Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES), Josyula R. Rao and Berk Sunar
Cited by 28 (1 self)
Abstract. In this paper the benefits of implementation of the Tate pairing computation on dedicated hardware are discussed. The main observation lies in the fact that arithmetic architectures in the extension field $GF(3^{6m})$ are good candidates for parallelization, leading to a similar calculation time in hardware as for operations over the base field $GF(3^m)$. Using this approach, an architecture for the hardware implementation of the Tate pairing calculation based on a modified Duursma-Lee algorithm is proposed.
High-speed software implementation of the optimal ate pairing over Barreto–Naehrig curves
PAIRING-BASED CRYPTOGRAPHY–PAIRING 2010. LECTURE NOTES IN COMPUTER SCIENCE, 2010
Cited by 26 (3 self)
This paper describes the design of a fast software library for the computation of the optimal ate pairing on a Barreto–Naehrig elliptic curve. Our library is able to compute the optimal ate pairing over a 254-bit prime field $\mathbb{F}_p$, in just 2.33 million of clock cycles on a single core of an Intel Core i7 2.8 GHz processor, which implies that the pairing computation takes 0.832 msec. We are able to achieve this performance by a careful implementation of the base field arithmetic through the usage of the customary Montgomery multiplier for prime fields. The prime field is constructed via the Barreto–Naehrig polynomial parametrization of the prime p given as, $p = 36t^4 + 36t^3 + 24t^2 + 6t + 1$, with $t = 2^{62} - 2^{54} + 2^{44}$. This selection of t allows us to obtain important savings for both the Miller loop as well as the final exponentiation steps of the optimal ate pairing.
On constructing certificateless cryptosystems from identity based encryption
In PKC 2006, 2006
Cited by 21 (0 self)
Abstract. Certificateless cryptography (CL-PKC) is a concept that aims at enjoying the advantages of identity based cryptography without suffering from its inherent key escrow. Several methods were recently suggested to generically construct a certificateless encryption (CLE) scheme by combining identity based schemes with ordinary public key cryptosystems. Whilst the security of one of these generic compositions was proved in a relaxed security model, we show that all them are insecure against chosen-ciphertext attacks in the strongest model of Al-Riyami and Paterson. We show how to easily fix these problems and give a method to achieve generic CLE constructions which are provably CCA-secure in the random oracle model. We finally propose a new efficient pairing-based scheme that performs better than previous proposals without precomputation. We also prove its security in the random oracle model.