Pairing-friendly elliptic curves of prime order
 In Selected Areas in Cryptography – SAC 2005
, 2006
Cited by 216 (13 self)
Abstract. Previously known techniques to construct pairing-friendly curves of prime or near-prime order are restricted to embedding degree k ≤ 6. More general methods produce curves over F_p where the bit length of p is often twice as large as that of the order r of the subgroup with embedding degree k; the best published results achieve ρ ≡ log(p) / log(r) ∼ 5/4. In this paper we make the first step towards surpassing these limitations by describing a method to construct elliptic curves of prime order and embedding degree k = 12. The new curves lead to very efficient implementation: non-pairing operations need no more than F_{p^4} arithmetic, and pairing values can be compressed to one third of their length in a way compatible with point reduction techniques. We also discuss the role of large CM discriminants D to minimize ρ; in particular, for embedding degree k = 2q where q is prime we show that the ability to handle log(D) / log(r) ∼ (q − 3)/(q − 1) enables building curves with ρ ∼ q/(q − 1).
A taxonomy of pairing-friendly elliptic curves
, 2006
Cited by 110 (11 self)
Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such “pairing-friendly” curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.
Pairing-based Cryptography at High Security Levels
 Proceedings of Cryptography and Coding 2005, volume 3796 of LNCS
, 2005
Cited by 92 (3 self)
Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identity-based encryption. At the same time, the security standards for public key cryptosystems are expected to increase, so that in the future they will be capable of providing security equivalent to 128, 192, or 256-bit AES keys. In this paper we examine the implications of heightened security needs for pairing-based cryptosystems. We first describe three different reasons why high-security users might have concerns about the long-term viability of these systems. However, in our view none of the risks inherent in pairing-based systems are sufficiently serious to warrant pulling them from the shelves. We next discuss two families of elliptic curves E for use in pairing-based cryptosystems. The first has the property that the pairing takes values in the prime field F_p over which the curve is defined; the second family consists of supersingular curves with embedding degree k = 2. Finally, we examine the efficiency of the Weil pairing as opposed to the Tate pairing and compare a range of choices of embedding degree k, including k = 1 and k = 24. Let E be the elliptic curve 1.
Efficient implementation of pairing-based cryptosystems
 Journal of Cryptology
, 2004
Location-based compromise-tolerant security mechanisms for wireless sensor networks
 IEEE J. Sel. Areas Commun
, 2006
Cited by 64 (9 self)
Abstract. Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation. Index Terms: Wireless sensor networks, security, compromise tolerance, location, pairing.
Authenticated id-based key exchange and remote login with insecure token and pin number. http://eprint.iacr.org/2002/164
, 2002
Efficient and provably-secure identity-based signatures and signcryption from bilinear maps
 Advances in cryptology – ASIACRYPT’05, Lecture Notes in Computer Science 3778
, 2005
Compressed Pairings
 In Advances in cryptology – Crypto’2004
, 2004
Cited by 47 (9 self)
Pairing-based cryptosystems rely on bilinear non-degenerate maps called pairings, such as the Tate and Weil pairings defined over certain elliptic curve groups. In this paper we show how to compress pairing values, how to couple this technique with that of point compression, and how to benefit from the compressed representation to speed up exponentiations involving pairing values, as required in many pairing-based protocols.
MASK: Anonymous On-Demand Routing in Mobile Ad Hoc Networks
 IEEE Trans. Wireless Comm
, 2006
Cited by 47 (9 self)
Abstract — The shared wireless medium of mobile ad hoc networks facilitates passive, adversarial eavesdropping on data communications whereby adversaries can launch various devastating attacks on the target network. To thwart passive eavesdropping and the resulting attacks, we propose a novel anonymous on-demand routing protocol, termed MASK, which can accomplish both MAC-layer and network-layer communications without disclosing real IDs of the participating nodes under a rather strong adversary model. MASK offers the anonymity of senders, receivers, and sender-receiver relationships in addition to node unlocatability and untrackability and end-to-end flow untraceability. It is also resistant to a wide range of attacks. Moreover, MASK preserves the high routing efficiency as compared to previous proposals. Detailed simulation studies have shown that MASK is highly effective and efficient. Index Terms — Mobile ad hoc networks, security, eavesdropping, anonymity, routing.
Ordinary abelian varieties having small embedding degree
 IN PROC. WORKSHOP ON MATHEMATICAL PROBLEMS AND TECHNIQUES IN CRYPTOLOGY
, 2004
Cited by 38 (1 self)
Miyaji, Nakabayashi and Takano (MNT) gave families of group orders of ordinary elliptic curves with embedding degree suitable for pairing applications. In this paper we generalise their results by giving families corresponding to non-prime group orders. We also consider the case of ordinary abelian varieties of dimension 2. We give families of group orders with embedding degrees 5, 10 and 12.