Results 1 
6 of
6
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1123 (24 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Efficient algorithms for pairingbased cryptosystems
, 2002
"... Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in ..."
Abstract

Cited by 291 (23 self)
 Add to MetaCart
Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairingbased cryptography. 1
Applications of Multilinear Forms to Cryptography
 Contemporary Mathematics
, 2002
"... We study the problem of finding efficiently computable nondegenerate multilinear maps from G 1 to G 2 , where G 1 and G 2 are groups of the same prime order, and where computing discrete logarithms in G 1 is hard. We present several applications to cryptography, explore directions for building such ..."
Abstract

Cited by 51 (7 self)
 Add to MetaCart
We study the problem of finding efficiently computable nondegenerate multilinear maps from G 1 to G 2 , where G 1 and G 2 are groups of the same prime order, and where computing discrete logarithms in G 1 is hard. We present several applications to cryptography, explore directions for building such maps, and give some reasons to believe that finding examples with n > 2 may be difficult.
Fast Hashing Onto Elliptic Curves Over Fields of Characteristic 3
, 2001
"... We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve de ned over a nite eld of characteristic 3. Our new scheme runs in time O(m 2 ) for curves over F3 m . The best previous algorithm for this task runs in time O(m 3 ). Experimental data con rms the speedup ..."
Abstract

Cited by 14 (0 self)
 Add to MetaCart
We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve de ned over a nite eld of characteristic 3. Our new scheme runs in time O(m 2 ) for curves over F3 m . The best previous algorithm for this task runs in time O(m 3 ). Experimental data con rms the speedup by a factor O(m), or approximately a hundred times for practical m values. Our results apply for both standard and normal basis representations of F3 m . 1
TatePairing Implementations for Tripartite Key Agreement
, 2003
"... We give a closed formula for the Tatepairing on the hyperelliptic curve y x + d in characteristic p. This improves recent implementations by Barreto et.al. and by Galbraith et.al. for the special case p = 3. As an application, we propose a nround key agreement protocol for up to participant ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
We give a closed formula for the Tatepairing on the hyperelliptic curve y x + d in characteristic p. This improves recent implementations by Barreto et.al. and by Galbraith et.al. for the special case p = 3. As an application, we propose a nround key agreement protocol for up to participants by extending Joux's pairingbased protocol to n rounds.
Optimizing the MenezesOkamotoVanstone (MOV) Algorithm for NonSupersingular Elliptic Curves
, 1999
"... . We address the MenezesOkamotoVanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic cur ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
. We address the MenezesOkamotoVanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that E[n] E(F q^k) and that of efficiently finding an ntorsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem. We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz. On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k. In this paper, we actually construct a method of efficiently finding an ntorsion point, which leads to a solution of the second problem. In addition, our contribution allows us to draw the conclusion that the ...