Showing papers on "Weil pairing published in 2006"
TL;DR: In this paper, the authors simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto, to ordinary curves and obtain a speedup of a factor of around six over the usual Tate pairing, in the case of curves that have large security parameters.
Abstract: In this paper, we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto , to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speed-up of a factor of around six over the usual Tate pairing, in the case of curves that have large security parameters, complex multiplication by an order of Qopf (radic-3), and when the trace of Frobenius is chosen to be suitably small. Other, more minor savings are obtained for more general curves
464 citations
23 Jul 2006
TL;DR: In this article, the Tate pairing is shown to be more efficient than the Weil pairing for all such security levels of the security level of the Tate-Weil pairings, using efficient exponentiation techniques in the cyclotomic subgroup.
Abstract: The security and performance of pairing based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We re-examine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.
89 citations
TL;DR: Three refinements to Miller's algorithm are given, one of which is especially efficient when the underlying elliptic curve is over a finite field of characteristic three, which is a case of particular cryptographic interest.
64 citations
TL;DR: In this paper, it was shown that there are very few finite fields over which elliptic curves with small embedding degree and small complex multiplication discriminant may exist (regardless of the way they are constructed).
Abstract: Miyaji, Nakabayashi and Takano have recently suggested a construction of the so-called MNT elliptic curves with low embedding degree, which are also of importance for pairing-based cryptography. We give some heuristic arguments which suggest that there are only about z1/2+ o(1) of MNT curves with complex multiplication discriminant up to z. We also show that there are very few finite fields over which elliptic curves with small embedding degree and small complex multiplication discriminant may exist (regardless of the way they are constructed).
23 citations
TL;DR: New algorithms for the Tate pairing on a prime field are presented that reduce the cost of multiplication and inversion on an extension field, and reduce the number of calculations of the extended finite field.
Abstract: This paper presents new algorithms for the Tate pairing on a prime field. Recently, many pairing-based cryptographic schemes have been proposed. However, computing pairings incurs a high computational cost and represents the bottleneck to using pairings in actual protocols. This paper shows that the proposed algorithms reduce the cost of multiplication and inversion on an extension field, and reduce the number of calculations of the extended finite field. This paper also discusses the optimal algorithm to be used for each pairing parameter and shows that the total computational cost is reduced by 50% if k = 6 and 57% if k = 8.
20 citations
TL;DR: Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.
Abstract: An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and based on the recently proposed identity-based signature scheme of Cha and Cheon. Due to the sound properties of m-torsion groups and the base scheme, it turns out that our schemes are very simple and efficient. Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.
18 citations
01 Oct 2006
TL;DR: A new multiparty key agreement protocol from Weil Pairing is proposed that needs only constant number of rounds and the message size, the total number of scalar multiplications, and the number of Weil pairing are reduced.
Abstract: Multiparty key agreement has many applications on internet services such as secure teleconferencing. A group of users can hold a conference securely over an open network by running a multiparty key agreement protocol to generate a common secret key. With the common secret key, data transmission over the internet is protected for confidentiality. In 2003, Barua (INDOCRYPT 2003) first proposed a multiparty key agreement protocol by using Weil pairing. The protocol is based on ternary trees and Joux's tripartite key agreement. However, in Barua's protocol the communication round for n entities is [log3 n], which is proportional to the number of participants. In this paper, we propose a new multiparty key agreement protocol from Weil pairing that needs only constant number of rounds. Besides, the message size, the total number of scalar multiplications, and the number of Weil pairing are reduced.
15 citations
15 May 2006
TL;DR: In this article, an identity-based threshold proxy signature scheme with known signers from bilinear pairings was proposed, which is a variant of the proxy signature in which only some subgroup of proxy signers with efficient size can sign messages on behalf of the original signer.
Abstract: Threshold proxy signature is a variant of the proxy signature scheme in which only some subgroup of proxy signers with efficient size can sign messages on behalf of the original signer. Some threshold proxy signature schemes have been proposed up to data. But nearly all of them are under the certificate-based (CA-based) public key systems. In this paper, we put forward an identity-based (ID-based) threshold proxy signature scheme with known signers from bilinear pairings for the first time. Most of our constructions would be simpler but still with high security due to the properties of bilinear map built from Weil pairing or Tate pairing.
12 citations
TL;DR: The Tate–Drinfeld module is introduced and it is shown how this describes the formal neighbourhood of the scheme of cusps of the Drinfeld modular curve.
10 citations
Journal Article•
TL;DR: This paper puts forward an identity-based (ID-based) threshold proxy signature scheme with known signers from bilinear pairings for the first time and constructions would be simpler but still with high security due to the properties of bil inear map built from Weil pairing or Tate pairing.
Abstract: Threshold proxy signature is a variant of the proxy signature scheme in which only some subgroup of proxy signers with efficient size can sign messages on behalf of the original signer. Some threshold proxy signature schemes have been proposed up to data. But nearly all of them are under the certificate-based (CA-based) public key systems. In this paper, we put forward an identity-based (ID-based) threshold proxy signature scheme with known signers from bilinear pairings for the first time. Most of our constructions would be simpler but still with high security due to the properties of bilinear map built from Weil pairing or Tate pairing.
8 citations
TL;DR: In this article, the Weil pairing of two elements of the torsion of the Jacobian of an algebraic curve can be expressed in terms of the product of the local Hilbert symbols of two special ideles associated with the Torsion elements.
Abstract: The Weil pairing of two elements of the torsion of the Jacobian of an algebraic curve can be expressed in terms of the product of the local Hilbert symbols of two special ideles associated with the torsion elements of the Jacobian. On the other hand, Arbarello, De Concini, and Kac have constructed a central extension of the group of ideles on an algebraic curve in which the commutator is also equal up to a sign to the product of all the local Hilbert symbols of two ideles.The aim of the paper is to explain this similarity. It turns out that there exists a close connection between the Poincare biextension over the square of the Jacobian defining the Weil pairing and the central extension constructed by Arbarello, de Concini, and Kac. The latter is a quotient of a certain biextension associated with the central extension.
TL;DR: This paper shows that the squared pairing for an arbitrary chosen point can be transformed into the plain pairing for a trace zero point which has a special form to compute them more efficiently.
Posted Content•
TL;DR: In this article, the Tate pairing is shown to be more efficient than the Weil pairing for all such security levels of the security level of the Tate-Weil pairings, using efficient exponentiation techniques in the cyclotomic subgroup.
Abstract: The security and performance of pairing based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We re-examine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.
01 Jan 2006
TL;DR: Using weil pairing, an identity-based ring signcryption scheme is proposed that is secure against adaptively chosen cipher text attack under the difficulty of the Decisional Bilinear Diffie-Hellman problem.
Abstract: Using weil pairing,an identity-based ring signcryption scheme is proposed.Its concrete algorithm is given.Using this scheme the message sender can anonymously send the message,the confidentiality and authenticity of message are realized at the same time.It is proved that the scheme is secure against adaptively chosen cipher text attack under the difficulty of the Decisional Bilinear Diffie-Hellman problem.Compared with the traditional "signature then encryption scheme",the cipher text of our scheme is rather short.So our scheme is more applicable to systems where cryptogram is sent over a low bandwidth channel.
TL;DR: Three new pairwise key agreement protocols based on Weil pairing are proposed in this paper, which have the security attributes such as known session key security, perfect forward secrecy, no key-compromise impersonation, no unknown key-share and no key control.
Abstract: To achieve security in the networks, it is important to be able to encrypt and authenticate messages sent between the users. Keys for encryption and authentication purposes must be agreed upon by the users in the networks. Three new pairwise key agreement protocols based on Weil pairing are proposed in this paper. In those protocols, all the users share common secret information. They may arrange the pairwise key and authenticate each other by fewer messages. The proposed protocols have the security attributes such as known session key security, perfect forward secrecy, no key-compromise impersonation, no unknown key-share and no key control.
Journal Article•
TL;DR: A new blind signature scheme from Weil pairing on elliptic curves is proposed, which is efficient and has the security properties of robustness and unforgeability.
Abstract: The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, the group manger is introduced to take the role of distributing the group secret key to each player. However, he cannot forge the players to generate partial blind signatures (Each partial blind signature depends on not only the secret key of the player, but also a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; Compared with a threshold signature without a trusted third party, it is more simple and efficient.
Journal Article•
TL;DR: To construct BDH(Bilinear Diffie-Hellman) parameter generator in key evolving schemes, the security of BDH problem was researched and some useful corollaries about BDH security were obtained.
Abstract: To construct BDH(Bilinear Diffie-Hellman) parameter generator in key evolving schemes,the security of BDH problem was researched.The origin of BDH problem was reviewed.Then based on the admissible bilinear map,the decisional BDH problem,computational BDH problem and some variants were analyzed,respectively.As a result,some useful corollaries about BDH security were obtained.Finally,BDH parameter generators using Weil pairing and Tate pairing on supersingular elliptic curves were constructed.The generators could be widely applied to identity-based cryptography.
Journal Article•
TL;DR: A bilinear pairing signcryption scheme is proposed using the bil inear property of the Weil pairing defined on elliptic curves and Euler's criterion to obtain the quicker velocity of encryption and decryption and solve the difficult problem of key management.
Abstract: A bilinear pairing signcryption scheme is proposed using the bilinear property of the Weil pairing defined on elliptic curves and Euler's criterion.The scheme not only can obtain the quicker velocity of encryption and decryption,solve the difficult problem of key management,distinguish the right message from the wrong message,but also can resist the attack which sends cryptograph continuously.The signature size is only about a quarter of the Guillou-Quisquater signature.The management and storage spending of the public key certificate could be efficiently cut down using this scheme.
Proceedings Article•
10 Mar 2006