Showing papers on "Weil pairing published in 2004"
TL;DR: A short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves is introduced for systems where signatures are typed in by a human or are sent over a low-bandwidth channel.
Abstract: We introduce a short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.
1,171 citations
TL;DR: The definition of the Weil Pairing is given, efficient algorithms to calculate it are described, two applications are given, and the motivation to considering it is described.
Abstract: The Weil Pairing, first introduced by Andre Weil in 1940, plays an important role in the theoretical study of the arithmetic of elliptic curves and Abelian varieties. It has also recently become extremely useful in cryptologic constructions related to those objects. This paper gives the definition of the Weil Pairing, describes efficient algorithms to calculate it, gives two applications, and describes the motivation to considering it.
637 citations
Posted Content•
TL;DR: In this article, the authors have tried to cover different cryptographic protocols based on bilinear pairings which possess, to the best of our knowledge, proper security proofs in the existing security models.
Abstract: The bilinear pairing such as Weil pairing or Tate pairing on elliptic and hyperelliptic curves have recently been found applications in design of cryptographic protocols. In this survey, we have tried to cover different cryptographic protocols based on bilinear pairings which possess, to the best of our knowledge, proper security proofs in the existing security models.
243 citations
23 Aug 2004
TL;DR: A ring signature scheme based on the bilinear pairings, which is secure against chosen message attacks without random oracles is proposed, and is used to construct a concurrent signature scheme for fair exchange of signatures.
Abstract: The bilinear pairings such as Weil pairing or Tate pairing over elliptic curves and hyperelliptic curves have been found various applications in cryptography very recently. Ring signature is a very useful tool to provide the user's anonymity and the signer's privacy. In this paper, we propose a ring signature scheme based on the bilinear pairings, which is secure against chosen message attacks without random oracles. Moreover, we use this ring signature scheme to construct a concurrent signature scheme for fair exchange of signatures.
50 citations
TL;DR: In this paper, the authors show how Anderson's paper [1] gives rise to an analogue of this pairing for Drinfeld modules, which is a perfect bilinear form from the mtorsion of the elliptic curve E to the m-th roots of unity.
Abstract: As is well-known, there exists a Weil pairing for elliptic curves which is a perfect bilinear form from the m-torsion of the elliptic curve E to the m-th roots of unity. In this paper we will show how Anderson’s paper [1] gives rise to an analogue of this pairing for Drinfeld modules.
33 citations
Posted Content•
TL;DR: This paper shows how a particular kind of signcryption scheme may become completely insecure when implemented with certain efficient instantiations of the Tate or Weil pairing, and addresses the drawbacks of the secure schemes by proposing efficient, semantically and forward-secure signc encryption schemes that can be realised on top of any pairing instantiation.
Abstract: Several signcryption schemes proposed in the literature are known to lack semantic security, and semantically secure signcryption schemes tend to be more computationally expensive. In fact, devising an efficient signcryption scheme providing both public verifiability and forward security was until now an open problem. In this paper, we show how a particular kind of signcryption scheme may become completely insecure when implemented with certain efficient instantiations of the Tate or Weil pairing. We also address the drawbacks of the secure schemes by proposing efficient, semantically and forward-secure signcryption schemes, in both transferable and non-transferable form, that can be realised on top of any pairing instantiation. As a bonus, we also derive from them a new, efficient identity-based signature scheme.
32 citations
13 Jun 2004
TL;DR: In this article, the squared Weil and Tate pairings on elliptic curves and the squared Tate pairing on hyperelliptic curves are presented. But the squared pairings introduced in this paper have the advantage that their algorithms for evaluating them are deterministic and do not depend on a random choice of points.
Abstract: We present algorithms for computing the squared Weil and Tate pairings on elliptic curves and the squared Tate pairing on hyperelliptic curves. The squared pairings introduced in this paper have the advantage that our algorithms for evaluating them are deterministic and do not depend on a random choice of points. Our algorithm to evaluate the squared Weil pairing is about 20% more efficient than the standard Weil pairing. Our algorithm for the squared Tate pairing on elliptic curves matches the efficiency of the algorithm given by Barreto, Lynn, and Scott in the case of arbitrary base points where their denominator cancellation technique does not apply. Our algorithm for the squared Tate pairing for hyperelliptic curves is the first detailed implementation of the pairing for general hyperelliptic curves of genus 2, and saves an estimated 30% over the standard algorithm.
30 citations
13 Jul 2004
TL;DR: The Weil and Tate pairings are a popular new gadget in cryptography and have found many applications, including identity-based cryptography as mentioned in this paper, and have been used for key exchange protocols.
Abstract: The Weil and Tate pairings are a popular new gadget in cryptography and have found many applications, including identity-based cryptography. In particular, the pairings have been used for key exchange protocols.
20 citations
25 Jun 2004
TL;DR: A threshold password-only roaming protocol using (k,n)-threshold scheme which only k honest servers or more are engaged to reconstruct a secret key is suggested which could be built from Weil pairing or Tate pairing.
Abstract: We present a new threshold password-based authentication protocol that allows a roaming user(a user who accesses a network from different client terminals) to download a private key from remote servers with knowledge of only his identity and password. He does not need to carry the smart card storing his private information. We aim that a protocol has to allow a user to get his private key from the servers, even if some of the servers are compromised under the multi-server roaming system. In this paper, we firstly suggest a threshold password-only roaming protocol using (k,n)-threshold scheme which only k honest servers or more are engaged to reconstruct a secret key. Our scheme is based on bilinear pairings which could be built from Weil pairing or Tate pairing.
15 citations
01 Jan 2004
TL;DR: This paper points out the reason why their identification scheme is not secure, and improves their scheme such that the modified scheme is secure against active attacks if the Gap Diffie-Hellman problem is intractable.
Abstract: Kim and Kim recently proposed a new identification scheme based on the Gap Diffie-Hellman problem, and proved that their scheme is secure against active attacks if the Gap Diffie-Hellman problem is intractable. However, their identification scheme is NOT secure in fact. In this paper, we first point out the reason why their scheme is not secure, and then improve their scheme such that the modified scheme is secure against active attacks if the Gap Diffie-Hellman problem is intractable.
13 citations
Posted Content•
TL;DR: In this paper, the Tate-Drinfeld module is introduced to describe the formal neighbourhood of the scheme of cusps of the Drinfeld modular curve, analogous to the compactification of the classical modular curve given by Katz and Mazur.
Abstract: In this paper we describe the compactification of the Drinfeld modular curve. This compactification is analogous to the compactification of the classical modular curve given by Katz and Mazur. We show how the Weil pairing on Drinfeld modules that we defined in earlier work gives rise to a map on the Drinfeld modular curve. We introduce the Tate-Drinfeld module and show how this describes the formal neighbourhood of the scheme of cusps of the Drinfeld modular curve.
TL;DR: A new threshold proxy signature from bilinear pairings is proposed as well by using the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH) group.
Abstract: Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof. Then a new threshold proxy signature from bilinear pairings is proposed as well by using the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy to solve). Our constructions are based on the recently proposed GDH signature scheme of Bonel et al.’s article. Bilinear pairings could be built from Weil pairing or Tate pairing. So most our constructions would be simpler, but still with high security. The proposed threshold proxy signature is the first one which is built from bilinear pairings. At the end of this paper security and performance of the threshold proxy signature scheme is also analyzed.
TL;DR: The construction of a generalization of the Weil pairing is reviewed, and it is shown that the new pairing can be computed efficiently for curves with trace of Frobenius congruent to 2 modulo the order of the base point, which leads to an efficient reduction.
Posted Content•
TL;DR: An encryption scheme such that the receiver of an encrypted message can only decrypt if it satisfies a particular policy chosen by the sender at the time of encryption, providing the users' public keys are properly certified.
Abstract: Since Boneh and Franklin published their seminal paper on identity based encryption (IBE) using the Weil pairing, there has been a great deal of interest in cryptographic primitives based on elliptic-curve pairings. One particularly interesting application has been to control access to data, via possibly complex policies. In this paper we continue the research in this vein. We present an encryption scheme such that the receiver of an encrypted message can only decrypt if it satisfies a particular policy chosen by the sender at the time of encryption. Unlike standard IBE, our encryption scheme is escrow free in that no credential-issuing authority (or colluding set of credential-issuing authorities) is able to decrypt ciphertexts itself, providing the users' public keys are properly certified. In addition we describe a security model for the scenario in question and provide proofs of security for our scheme (in the random oracle model).
01 Jan 2004
TL;DR: A new threshold proxy signature from bilinear pairings is proposed as well by using the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH) group.
Abstract: Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof. Then a new threshold proxy signature from bilinear pairings is proposed as well by using the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy to solve). Our constructions are based on the recently proposed GDH signature scheme of Bonel et al.'s article. Bilinear pairings could be built from Weil pairing or Tate pairing. So most our constructions would be simpler, but still with high security. The proposed threshold proxy signature is the first one which is built from bilinear pairings. At the end of this paper security and performance of the threshold proxy signature scheme is also analyzed.