Results 1  10
of
70
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1522 (28 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Short signatures from the Weil pairing
, 2001
"... Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signa ..."
Abstract

Cited by 680 (28 self)
 Add to MetaCart
(Show Context)
Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a lowbandwidth channel. 1
Evaluating 2dnf formulas on ciphertexts
 In proceedings of TCC ’05, LNCS series
, 2005
"... Abstract. Let ψ be a 2DNF formula on boolean variables x1,..., xn ∈ {0, 1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,..., xn. In other words, given the encryption of the bits x1,..., xn, anyone can create th ..."
Abstract

Cited by 199 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Let ψ be a 2DNF formula on boolean variables x1,..., xn ∈ {0, 1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,..., xn. In other words, given the encryption of the bits x1,..., xn, anyone can create the encryption of ψ(x1,..., xn). More generally, we can evaluate quadratic multivariate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system: 1. In a database of size n, the total communication in the basic step of the KushilevitzOstrovsky PIR protocol is reduced from √ n to 3 √ n. 2. An efficient election system based on homomorphic encryption where voters do not need to include noninteractive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient. 3. A protocol for universally verifiable computation. 1
Efficient Identity Based Signature Schemes Based on Pairings
 SAC 2002, LNCS 2595
, 2002
"... We develop an efficient identity based signature scheme based on pairings whose security relies on the hardness of the DiffieHellman problem in the random oracle model. We describe how this scheme is obtained as a special version of a more general generic scheme which yields further new provably se ..."
Abstract

Cited by 181 (2 self)
 Add to MetaCart
We develop an efficient identity based signature scheme based on pairings whose security relies on the hardness of the DiffieHellman problem in the random oracle model. We describe how this scheme is obtained as a special version of a more general generic scheme which yields further new provably secure identity based signature schemes if pairings are used. The generic scheme also includes traditional public key signature schemes. We further discuss issues of key escrow and the distribution of keys to multiple trust authorities. The appendix contains a brief description of the relevant properties of supersingular elliptic curves and the Weil and Tate pairings.
Efficient Pairing Computation on Supersingular Abelian Varieties
 Designs, Codes and Cryptography
, 2004
"... We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and ..."
Abstract

Cited by 164 (26 self)
 Add to MetaCart
(Show Context)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
Implementing Tate Pairing
 In Algorithmic Number Theory Symposium
, 2002
"... bilinear pairing, implementing characteristic 3 The Weil and Tate pairings have found several new applications in cryptography. To efficiently implement these cryptosystems it is necessary to optimise the computation time for the Tate pairing. This paper provides methods to achieve fast computation ..."
Abstract

Cited by 162 (5 self)
 Add to MetaCart
(Show Context)
bilinear pairing, implementing characteristic 3 The Weil and Tate pairings have found several new applications in cryptography. To efficiently implement these cryptosystems it is necessary to optimise the computation time for the Tate pairing. This paper provides methods to achieve fast computation of the Tate pairing. We also give divisionfree formulae for point tripling on a family of elliptic curves in characteristic three. Examples of the running time for these methods are given.
Tate Pairing Implementation for Hyperelliptic Curves y2 xp xþ d
 Advances in Cryptology— Proc. ASIACRYPT ’03
, 2003
"... Abstract. The Weil and Tate pairings have been used recently to build new schemes in cryptography. It is known that the Weil pairing takes longer than twice the running time of the Tate pairing. Hence it is necessary to develop more efficient implementations of the Tate pairing for the practical ap ..."
Abstract

Cited by 91 (5 self)
 Add to MetaCart
(Show Context)
Abstract. The Weil and Tate pairings have been used recently to build new schemes in cryptography. It is known that the Weil pairing takes longer than twice the running time of the Tate pairing. Hence it is necessary to develop more efficient implementations of the Tate pairing for the practical application of pairing based cryptosystems. In 2002, Barreto et al. and Galbraith et al. provided new algorithms for the fast computation of the Tate pairing in characteristic three. In this paper, we give a closed formula for the Tate pairing on the hyperelliptic curve y2 = xp−x+d in characteristic p. This result improves the implementations in [BKLS02], [GHS02] for the special case p = 3. 1
An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing
 Electronics Letters
, 2001
"... We describe an ID based authenticated two pass key agreement protocol which makes use of the Weil pairing. The protocol is described and its properties are discussed including the ability to add key confirmation. ..."
Abstract

Cited by 70 (2 self)
 Add to MetaCart
(Show Context)
We describe an ID based authenticated two pass key agreement protocol which makes use of the Weil pairing. The protocol is described and its properties are discussed including the ability to add key confirmation.
Compressed Pairings
 In Advances in cryptology – Crypto’2004
, 2004
"... Pairingbased cryptosystems rely on bilinear nondegenerate maps called pairings, such as the Tate and Weil pairings defined over certain elliptic curve groups. In this paper we show how to compress pairing values, how to couple this technique with that of point compression, and how to benefit f ..."
Abstract

Cited by 46 (9 self)
 Add to MetaCart
Pairingbased cryptosystems rely on bilinear nondegenerate maps called pairings, such as the Tate and Weil pairings defined over certain elliptic curve groups. In this paper we show how to compress pairing values, how to couple this technique with that of point compression, and how to benefit from the compressed representation to speed up exponentiations involving pairing values, as required in many pairing based protocols.
Software implementation of finite fields in characteristic three
, 2002
"... Abstract. In this paper we examine a number of ways of implementing characteristic three arithmetic in hardware. While this type of arithmetic is not traditionally used in cryptographic systems, recent advances in Tate and Weil pairing based cryptosystems show that it is potentially valuable. We exa ..."
Abstract

Cited by 37 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we examine a number of ways of implementing characteristic three arithmetic in hardware. While this type of arithmetic is not traditionally used in cryptographic systems, recent advances in Tate and Weil pairing based cryptosystems show that it is potentially valuable. We examine a hardware oriented representation of the field elements, comparing the resulting algorithms for field addition and multiplication operations, and show that characteristic three arithmetic need not significantly underperform comparable characteristic two alternatives. 1