• 제목/요약/키워드: Pairing computation

Search Result 46, Processing Time 0.026 seconds

Fully Verifiable Algorithm for Secure Outsourcing of Bilinear Pairing in Cloud Computing

  • Dong, Min;Ren, Yanli;Zhang, Xinpeng
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.7
    • /
    • pp.3648-3663
    • /
    • 2017
  • With the development of cloud computing and widespread availability of mobile devices, outsourcing computation has gotten more and more attention in cloud computing services. The computation of bilinear pairing is the most expensive operation in pair-based cryptographic schemes. Currently, most of the algorithms for outsourcing bilinear pairing have small checkability or the outsourcers need to operate expensive computations. In this paper, we propose an efficient algorithm for outsourcing bilinear pairing with two servers, where the outsourcers can detect the errors with a probability of 1 if the cloud servers are dishonest, and the outsourcers are not involved in any complex computations. Finally, the performance evaluation demonstrates that the proposed algorithm is most efficient in all of fully verifiable outsourcing algorithms for bilinear pairing.

Faster Ate Pairing Computation over Pairing-Friendly Ellipitic Curves Using GLV Decomposition

  • Eom, Soo Kyung;Lee, Eunjeong;Lee, Hyang-Sook
    • ETRI Journal
    • /
    • v.35 no.5
    • /
    • pp.880-888
    • /
    • 2013
  • The preexisting pairings ate, $ate_i$, R-ate, and optimal-ate use q-expansion, where q is the size of the defining field for the elliptic curves. Elliptic curves with small embedding degrees only allow a few of these pairings. In such cases, efficiently computable endomorphisms can be used, as in [11] and [12]. They used the endomorphisms that have characteristic polynomials with very small coefficients, which led to some restrictions in finding various pairing-friendly curves. To construct more pairing-friendly curves, we consider ${\mu}$-expansion using the Gallant-Lambert-Vanstone (GLV) decomposition method, where ${\mu}$ is an arbitrary integer. We illustrate some pairing-friendly curves that provide more efficient pairing from the ${\mu}$-expansion than from the ate pairing. The proposed method can achieve timing results at least 20% faster than the ate pairing.

Efficient Multi-receiver Identity-Based Encryption Scheme from Bilinear Pairing (Bilinear Pairing을 이용한 효율적인 신원기반 다중 수신자 암호 기법)

  • Jung, Chae-Duk;Yoon, Suk-Bong;Sur, Chul;Rhee, Kyung-Hyune
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.11 no.2
    • /
    • pp.301-308
    • /
    • 2007
  • In this paper, we propose a new efficient multi-receiver identity-based encryption scheme from Bilinear Pairing. The proposed scheme eliminates pairing computation to encrypt a message for multiple receivers and only need one pairing computation to decrypt the ciphertext. Moreover, we show how to properly transform our scheme into a highly efficient stateless public key broadcast encryption scheme based on the subset-cover framework.

Certificate-Based Encryption Scheme without Pairing

  • Yao, Ji;Li, Jiguo;Zhang, Yichen
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.6
    • /
    • pp.1480-1491
    • /
    • 2013
  • Certificate-based cryptography is a new cryptographic primitive which eliminates the necessity of certificates in the traditional public key cryptography and simultaneously overcomes the inherent key escrow problem suffered in identity-based cryptography. However, to the best of our knowledge, all existed constructions of certificate-based encryption so far have to be based on the bilinear pairings. The pairing calculation is perceived to be expensive compared with normal operations such as modular exponentiations in finite fields. The costly pairing computation prevents it from wide application, especially for the computation limited wireless sensor networks. In order to improve efficiency, we propose a new certificate-based encryption scheme that does not depend on the pairing computation. Based on the decision Diffie-Hellman problem assumption, the scheme's security is proved to be against the chosen ciphertext attack in the random oracle. Performance comparisons show that our scheme outperforms the existing schemes.

An Efficient DPA Countermeasure for the $Eta_T$ Pairing Algorithm over GF($2^n$) Based on Random Value Addition

  • Seo, Seog-Chung;Han, Dong-Guk;Hong, Seok-Hie
    • ETRI Journal
    • /
    • v.33 no.5
    • /
    • pp.780-790
    • /
    • 2011
  • This paper presents an efficient differential power analysis (DPA) countermeasure for the $Eta_T$ pairing algorithm over GF($2^n$). The proposed algorithm is based on a random value addition (RVA) mechanism. An RVA-based DPA countermeasure for the $Eta_T$ pairing computation over GF($3^n$) was proposed in 2008. This paper examines the security of this RVA-based DPA countermeasure and defines the design principles for making the countermeasure more secure. Finally, the paper proposes an efficient RVA-based DPA countermeasure for the secure computation of the $Eta_T$ pairing over GF($2^n$). The proposed countermeasure not only overcomes the security flaws in the previous RVAbased method but also exhibits the enhanced performance. Actually, on the 8-bit ATmega128L and 16-bit MSP430 processors, the proposed method can achieve almost 39% and 43% of performance improvements, respectively, compared with the best-known countermeasure.

Efficient Computation of Eta Pairing over Binary Field with Vandermonde Matrix

  • Shirase, Masaaki;Takagi, Tsuyoshi;Choi, Doo-Ho;Han, Dong-Guk;Kim, Ho-Won
    • ETRI Journal
    • /
    • v.31 no.2
    • /
    • pp.129-139
    • /
    • 2009
  • This paper provides an efficient algorithm for computing the ${\eta}_T$ pairing on supersingular elliptic curves over fields of characteristic two. In the proposed algorithm, we deploy a modified multiplication in $F_{2^{4n}}$ using the Vandermonde matrix. For F, G ${\in}$ $F_{2^{4n}}$ the proposed multiplication method computes ${\beta}{\cdot}F{\cdot}G$ instead of $F{\cdot}G$ with some ${\beta}$ ${\in}$ $F^*_{2n}$ because ${\beta}$ is eliminated by the final exponentiation of the ${\eta}_T$ pairing computation. The proposed multiplication method asymptotically requires only 7 multiplications in $F_{2^n}$ as n ${\rightarrow}$ ${\infty}$, while the cost of the previously fastest Karatsuba method is 9 multiplications in $F_{2^n}$. Consequently, the cost of the ${\eta}_T$ pairing computation is reduced by 14.3%.

  • PDF

TATE PAIRING COMPUTATION ON THE DIVISORS OF HYPERELLIPTIC CURVES OF GENUS 2

  • Lee, Eun-Jeong;Lee, Yoon-Jin
    • Journal of the Korean Mathematical Society
    • /
    • v.45 no.4
    • /
    • pp.1057-1073
    • /
    • 2008
  • We present an explicit Eta pairing approach for computing the Tate pairing on general divisors of hyperelliptic curves $H_d$ of genus 2, where $H_d\;:\;y^2+y=x^5+x^3+d$ is defined over ${\mathbb{F}}_{2^n}$ with d=0 or 1. We use the resultant for computing the Eta pairing on general divisors. Our method is very general in the sense that it can be used for general divisors, not only for degenerate divisors. In the pairing-based cryptography, the efficient pairing implementation on general divisors is significantly important because the decryption process definitely requires computing a pairing of general divisors.

On the Computational Cost of Pairing and ECC Scalar Multiplication (페어링 및 ECC 상수배 연산의 계산 비용에 관하여)

  • Koo, Nam-Hun;Jo, Gook-Hwa;Kim, Chang-Hoon;Kwon, Soon-Hak
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.36 no.1C
    • /
    • pp.14-21
    • /
    • 2011
  • Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.

Construction of Efficient and Secure Pairing Algorithm and Its Application

  • Choi, Doo-Ho;Han, Dong-Guk;Kim, Ho-Won
    • Journal of Communications and Networks
    • /
    • v.10 no.4
    • /
    • pp.437-443
    • /
    • 2008
  • The randomized projective coordinate (RPC) method applied to a pairing computation algorithm is a good solution that provides an efficient countermeasure against side channel attacks. In this study, we investigate measures for increasing the efficiency of the RPC-based countermeasures and construct a method that provides an efficient RPC-based countermeasure against side channel attacks. We then apply our method to the well-known $\eta_T$ pairing algorithm over binary fields and obtain an RPC-based countermeasure for the $\eta_T$ pairing; our method is more efficient than the RPC method applied to the original $\eta_T$ pairing algorithm.

Efficient Fault Injection Attack to the Miller Algorithm in the Pairing Computation using Affine Coordinate System (아핀좌표를 사용하는 페어링 연산의 Miller 알고리듬에 대한 효과적인 오류주입공격)

  • Bae, Ki-Seok;Park, Jea-Hoon;Sohn, Gyo-Yong;Ha, Jae-Cheol;Moon, Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.3
    • /
    • pp.11-25
    • /
    • 2011
  • The Miller algorithm is employed in the typical pairing computation such as Weil, Tate and Ate for implementing ID based cryptosystem. By analyzing the Mrabet's attack that is one of fault attacks against the Miller algorithm, this paper presents au efficient fault attack in Affine coordinate system, it is the most basic coordinates for construction of elliptic curve. The proposed attack is the effective model of a count check fault attack, it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that is required in the previous counter fault model.