Results 1  10
of
361
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1700 (29 self)
 Add to MetaCart
(Show Context)
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Short signatures from the Weil pairing
, 2001
"... Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signa ..."
Abstract

Cited by 743 (28 self)
 Add to MetaCart
Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a lowbandwidth channel. 1
Hierarchical IDBased Cryptography
, 2002
"... We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem. ..."
Abstract

Cited by 253 (3 self)
 Add to MetaCart
(Show Context)
We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem.
Efficient Pairing Computation on Supersingular Abelian Varieties
 Designs, Codes and Cryptography
, 2004
"... We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and ..."
Abstract

Cited by 176 (25 self)
 Add to MetaCart
(Show Context)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
Implementing Tate Pairing
 IN ALGORITHMIC NUMBER THEORY SYMPOSIUM
, 2002
"... The Weil and Tate pairings have found several new applications in cryptography. To efficiently implement these cryptosystems it is necessary to optimise the computation time for the Tate pairing. This paper provides methods to achieve fast computation of the Tate pairing. We also give divisionfre ..."
Abstract

Cited by 168 (5 self)
 Add to MetaCart
(Show Context)
The Weil and Tate pairings have found several new applications in cryptography. To efficiently implement these cryptosystems it is necessary to optimise the computation time for the Tate pairing. This paper provides methods to achieve fast computation of the Tate pairing. We also give divisionfree formulae for point tripling on a family of elliptic curves in characteristic three. Examples of the running time for these methods are given.
Anonymous hierarchical identitybased encryption (without random oracles
 In Advances in Cryptology — Crypto 2006, LNCS 4117
"... Abstract. We present an identitybased cryptosystem that features fully anonymous ciphertexts and hierarchical key delegation. We give a proof of security in the standard model, based on the mild Decision Linear complexity assumption in bilinear groups. The system is efficient and practical, with sm ..."
Abstract

Cited by 118 (10 self)
 Add to MetaCart
(Show Context)
Abstract. We present an identitybased cryptosystem that features fully anonymous ciphertexts and hierarchical key delegation. We give a proof of security in the standard model, based on the mild Decision Linear complexity assumption in bilinear groups. The system is efficient and practical, with small ciphertexts of size linear in the depth of the hierarchy. Applications include search on encrypted data, fully private communication, etc. Our results resolve two open problems pertaining to anonymous identitybased encryption, our scheme being the first to offer provable anonymity in the standard model, in addition to being the first to realize fully anonymous HIBE at all levels in the hierarchy. 1
The Eta Pairing Revisited
 IEEE TRANSACTIONS ON INFORMATION THEORY
, 2006
"... In this paper we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto et al., to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speedup of a fact ..."
Abstract

Cited by 114 (9 self)
 Add to MetaCart
(Show Context)
In this paper we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto et al., to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speedup of a factor of around six over the usual Tate pairing, in the case of curves which have large security parameters, complex multiplication by an order of Q ( √ −3), and when the trace of Frobenius is chosen to be suitably small. Other, more minor savings are obtained for more general curves.
A taxonomy of pairingfriendly elliptic curves
, 2006
"... Elliptic curves with small embedding degree and large primeorder subgroup are key ingredients for implementing pairingbased cryptographic systems. Such “pairingfriendly” curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all ..."
Abstract

Cited by 110 (11 self)
 Add to MetaCart
(Show Context)
Elliptic curves with small embedding degree and large primeorder subgroup are key ingredients for implementing pairingbased cryptographic systems. Such “pairingfriendly” curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairingfriendly elliptic curves currently existing in the literature. We also include new constructions of pairingfriendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairingfriendly curves to choose to best satisfy a variety of performance and security requirements.
IDBased Blind Signature and Ring Signature from Pairings
 Proc. of Asiacrpt2002, LNCS 2501
, 2002
"... Recently the bilinear pairing such as Weil pairing or Tate pairing on elliptic curves and hyperelliptic curves have been found various applications in cryptography. Several identitybased (simply IDbased) cryptosystems using bilinear pairings of elliptic curves or hyperelliptic curves were presente ..."
Abstract

Cited by 98 (13 self)
 Add to MetaCart
(Show Context)
Recently the bilinear pairing such as Weil pairing or Tate pairing on elliptic curves and hyperelliptic curves have been found various applications in cryptography. Several identitybased (simply IDbased) cryptosystems using bilinear pairings of elliptic curves or hyperelliptic curves were presented. Blind signature and ring signature are very useful to provide the user's anonymity and the signer's privacy. They are playing an important role in building ecommerce. In this paper, we firstly propose an IDbased blind signature scheme and an IDbased ring signature scheme, both of which are based on the bilinear pairings. Also we analyze their security and e#ciency.
Secret handshakes from pairingbased key agreements
 In IEEE Symposium on Security and Privacy
, 2003
"... Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In th ..."
Abstract

Cited by 98 (0 self)
 Add to MetaCart
(Show Context)
Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In this paper we first show how pairingbased cryptography can be used to implement such secret handshakes. We then propose a formal definition for secure secret handshakes, and prove that our pairingbased schemes are secure under the Bilinear DiffieHellman assumption. Our protocols support rolebased group membership authentication, traceability, indistinguishability to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secrethandshake scheme can be implemented as a TLS cipher suite. We report on the performance of our preliminary Java implementation. 1.