• Journal of the Korean Mathematical Society
• /
• v.45 no.4
• /
• pp.1057-1073
• /
• 2008

We present an explicit Eta pairing approach for computing the Tate pairing on general divisors of hyperelliptic curves $H_d$ of genus 2, where $H_d\;:\;y^2+y=x^5+x^3+d$ is defined over ${\mathbb{F}}_{2^n}$ with d=0 or 1. We use the resultant for computing the Eta pairing on general divisors. Our method is very general in the sense that it can be used for general divisors, not only for degenerate divisors. In the pairing-based cryptography, the efficient pairing implementation on general divisors is significantly important because the decryption process definitely requires computing a pairing of general divisors.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.45 no.10
• /
• pp.23-30
• /
• 2008

Recently, a considerable number of studies have been conducted on pairing based cryptosystems. The efficiency of pairing based cryptosystems depends on finite fields, similar to existing public key cryptosystems. In general, pairing based ctyptosystems are defined over finite fields of chracteristic three, GF($3^m$), based on trinomials. A multiplication in GF($3^m$) is the most dominant operation. This paper proposes a new most significant digit(MSD)-first digit- serial multiplier. The proposed MSD-first digit-serial multiplier has the same area complexity compared to previous multipliers, since the modular reduction step is performed in parallel. And the critical path delay is reduced from 1MUL+(log ${\lceil}n{\rceil}$+1)ADD to 1MUL+(log ${\lceil}n+1{\rceil}$)ADD. Therefore, when the digit size is not $2^k$, the time delay is reduced by one addition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.3-12
• /
• 2011

A hashing function that maps arbitrary messages directly onto curve points (MapToPoint) has non-negligible complexity in pairing-based cryptosystems. Unlike elliptic curve cryptosystems, pairing-based cryptosystems require the hashing function in ternary fields. Barreto et al. observed that it is more advantageous to hash the message to an ordinate instead of an abscissa. So, they significantly improved the hashing function by using a matrix with coefficients of the abscissa. In this paper, we improve the method of Barreto et al. by reducing the matrix. Our method requires only 44% memory of the previous result. Moreover we can hash a message onto a curve point 2~3 times faster than Barreto's Method.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.68-80
• /
• 2008

Since many efficient algorithms for implementing pairings have been proposed such as ${\eta}_T$ pairing and the Ate pairing, pairings could be used in constraint devices such as smart cards. However, the secure implementation of pairings has not been thoroughly investigated. In this paper, we investigate the security of ${\eta}_T$ pairing over binary fields in the context of side-channel attacks. We propose efficient and secure ${\eta}_T$ pairing algorithms using randomized projective coordinate systems for computing the pairing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.33-44
• /
• 2008

The efficiency of pairing based cryptosystems depends on the computation of pairings. pairings is defined over finite fileds GF$(3^m)$ by trinomials due to efficiency. The hardware architectures for pairings have been widely studied. This paper proposes new adder and multiplier for GF(3) which are more efficient than previous results. Furthermore, this paper proposes a new unified adder-subtractor for GF$(3^m)$ based on the proposed adder and multiplier. Finally, this paper proposes new multiplier for GF$(3^m)$. The proposed MSB-first bit-serial multiplier for GF$(p^m)$ reduces the time delay by approximately 30 % and the size of register by half than previous LSB-first multipliers. The proposed multiplier can be applied to all finite fields defined by trinomials.

• ETRI Journal
• /
• v.38 no.4
• /
• pp.724-734
• /
• 2016

To achieve confidentiality, integrity, authentication, and non-repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate-based encryption schemes are designed to resolve the key escrow problem of identity-based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate-based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen-message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.45 no.2
• /
• pp.49-54
• /
• 2008

In cryptosystems based on finite fields, a modular multiplication operation is the most crucial part of finite field arithmetic. Also, in multipliers with resource constrained environments, bit-serial output structures are used in general. This paper proposes two efficient bit-serial output multipliers with the polynomial basis representation for irreducible trinomials. The proposed multipliers have lower time complexity compared to previous bit-serial output multipliers. One of two proposed multipliers requires the time delay of $(m+1){\cdot}MUL+(m+1){\cdot}ADD$ which is more efficient than so-called Interleaved Multiplier with the time delay of $m{\cdot}MUL+2m{\cdot}ADD$. Therefore, in elliptic curve cryptosystems and pairing based cryptosystems with small characteristics, the proposed multipliers can result in faster overall computation. For example, if the characteristic of the finite fields used in cryprosystems is small then the proposed multipliers are approximately two times faster than previous ones.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2254-2275
• /
• 2017

In this paper, we present an IND-CCA2 secure certificateless proxy re-encryption scheme in the random oracle model. A certificateless public key cryptography simplifies the certificate management in a traditional public key infrastructure and the built-in key escrow feature in an identity-based public key cryptography. Our scheme shares the merits of certificateless public key encryption cryptosystems and proxy re-encryption cryptosystems. Our certificateless proxy re-encryption scheme has several practical and useful properties - namely, multi-use, unidirectionality, non-interactivity, non-transitivity and so on. The security of our scheme bases on the standard bilinear Diffie-Hellman and the decisional Bilinear Diffie-Hellman assumptions.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1C
• /
• pp.14-21
• /
• 2011

Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2928-2940
• /
• 2013

Key exposure is a major threat to secure cryptosystems. To mitigate the impact caused by key-compromise attacks, a key-insulated cryptographic mechanism is a better alternative. For securing the large message communication in peer-to-peer networks, in this paper, we propose the first novel identity-based key-insulated encryption (IB-KIE) scheme with message linkages. Our scheme has the properties of unbounded time periods and random-access key-updates. In the proposed scheme, each client can periodically update his private key while the corresponding public one remains unchanged. The essential security assumption of our proposed scheme is based on the well-known bilinear Diffie-Hellman problem (BDHP). To ensure the practical feasibility, we also formally prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model.