### Table 1. Comparison of ID-based Ring Signature from Bilinear Pairings

2005

"... In PAGE 9: ... Before our proposal, the scheme that requires the least number of pairing operations is [4]. Table1 shows a summary of the efficiency of our proposed scheme. Taken into account the total cost of the signature generation and verification, we can see that our proposed scheme is the only scheme using a constant number of pairing operations, and with the least total amount of other operations.... ..."

Cited by 8

### TABLE II EFFICIENT ID-BASED SIGNATURES WITH MESSAGE RECOVERY.

### Table 1 : Comparison of computations in signature-then-encryption, ID-based signcryption by Malone-Lee, and the new signcryption scheme

2003

Cited by 9

### Table 1 : Comparison of computations in signature-then-encryption, ID-based signcryption by Malone-Lee, and the new signcryption scheme

2003

Cited by 9

### Table 1. RSA, XTR, ECC key sizes and RSA, XTR run times. shared ID-based non-ID-based key encrypting decrypting

2000

"... In PAGE 15: ...f high order. Using methods similar to the one alluded to in Subsection 3.3 this can be reduced to an overhead of, say, 48 bits (to generate curve and fleld based on the ID and 48 bits) plus 85 bits for the group order information. For XTR the sizes given in Table1 follow from Subsection 3.3.... In PAGE 15: ...able 2. 170-bit ECC, XTR comparison of number of multiplications in GF(p). encrypting decrypting encryption signing verifying signature DH speed DH size overhead overhead ECC 3400 1921 (1700) 171 (340) bits 1700 2575 170 bits 3842 (3400) 171 (340) bits XTR 2720 1360 340 bits 1360 2754 170 bits 2720 340 bits and XTR 100 random keys were generated. (ECC parameter generation is much slower and more complicated than for either RSA or XTR and not included in Table1 .) For RSA we used random 32-bit odd public exponents and 1020-bit moduli picked by randomly selecting 510-bit odd numbers and adding 2 until they are prime.... In PAGE 15: ...2. For each RSA key 10 encryptions and decryptions of random 1020-bit messages were carried out, the latter with Chinese remaindering (CRT) and without (in parentheses in Table1 ). For each XTR key 10 single and double exponentiations (i.... ..."

Cited by 61

### Table 1. RSA, XTR, ECC key sizes and RSA, XTR run times. shared ID-based non-ID-based key encrypting decrypting

"... In PAGE 15: ...rder. Using methods similar to the one alluded to in Subsection 3.3 this can be reduced to an overhead of, say, 48 bits (to generate curve and field based on the ID and 48 bits) plus 85 bits for the group order information. For XTR the sizes given in Table1 follow from Subsection 3.3.... In PAGE 15: ...able 2. 170-bit ECC, XTR comparison of number of multiplications in GF(p). encrypting decrypting encryption signing verifying signature DH speed DH size overhead overhead ECC 3400 1921 (1700) 171 (340) bits 1700 2575 170 bits 3842 (3400) 171 (340) bits XTR 2720 1360 340 bits 1360 2754 170 bits 2720 340 bits dom keys were generated. (ECC parameter generation is much slower and more complicated than for either RSA or XTR and not included in Table1 .) For RSA we used random 32-bit odd public exponents and 1020-bit moduli picked by randomly selecting 510-bit odd numbers and adding 2 until they are prime.... ..."

### Table 1: Summary of constant sizes

"... In PAGE 19: ...68). Table1 summarizes the size of the Mi constants necessary to get the outcome of Theorems 1 through 4. Table 1: Summary of constant sizes... ..."

### Table 1 describes the summary of comparison between several two-party ID-based protocols with two message ows. M denotes scalar-point multiplication, H denotes MapToPoint function [5] hashing identity to a point on an elliptic curve, and P denotes pairing. O -line computation can be pre-computed before the execution of the protocol, which includes public key derivation. Note that pairings are expensive and should be avoided whenever possible. MapToPoint is slightly more expensive but its cost is still comparable with that of scalar- point multiplication. The notation wBR denotes a restricted variant of the BR model whereby Session-Key Reveal query is not supported, FS denotes user forward secrecy while wKGC denotes weak KGC forward secrecy, and KCIR denotes key compromise impersonation resistance. As shown in Table 1, among the \unbroken quot; ID-based protocols that provide:

2007

"... In PAGE 12: ... #1 [14] 1M + 2P 2M 1H See [6] Choie et al. #2 [14] 2M + 1P 2M + 1P 1H See [6] Shim [30] 1P 2M 1H See [34] Xie #1 [36] 1P 3M 1M See [31] Xie #2 [36] 1P 3M 1M See [31] Table1 . Security and e ciency for two-party, two-message ID-based protocols 6 Ad-Hoc Anonymous Key Agreement Protocols This section describes our extended protocol for ad-hoc anonymous key agreement based on the ID-based ring signature scheme of Chow et al.... ..."

Cited by 2

### Table 4 Execution Times (in msec) in ID-based Encryption Schemes for the NIST Curves

"... In PAGE 17: ... The size of message encrypted in our implementation is 160 ASCII characters. Table4 lists the execution times in the ID-based encryption scheme using double-and-add method and halve-and-add method, and shows the improvements. The Weil pairing is the primitive operation for both encryption and decryption in the ID-based encryption scheme.... ..."