Similar literature
20 similar documents found
1.
胡磊 (Hu Lei), 《软件学报》(Journal of Software), 2007, 18(7): 1799-1805
Using maps between cyclic groups contained in finite fields, two efficient compression methods are given for a class of Tate pairings on supersingular elliptic curves of prime characteristic p and MOV degree 3. They compress the Tate pairing value from a string of 6 log p bits to 3 log p and 2 log p bits respectively. Both compression methods are implemented by reusing the code of the existing optimized Tate pairing algorithm, so no new implementation code has to be written for the compressed pairings, and both compressed pairings retain the speed of the original Tate pairing implementation.

2.
Implementation of Cryptosystems Based on Tate Pairing
Tate pairings over elliptic curves are important in cryptography since they can be used to construct efficient identity-based cryptosystems, and their implementation largely determines the efficiency of those cryptosystems. In this paper, the implementation of a cryptosystem based on the Tate pairing over a supersingular elliptic curve of MOV degree 3 is provided. The implementation is primarily designed to re-use low-level code developed for implementing usual elliptic curve cryptosystems. The paper studies how to construct the underlying ground field and its extension to accelerate the finite field arithmetic, and presents a technique to speed up the time-consuming powering (final exponentiation) in the Tate pairing algorithm.

3.
The aim of this work is to show the feasibility of the primitives of identity-based cryptosystems for applications in smart cards. Several observations are applied to easily choose many supersingular elliptic curves over a prime field, in such a way that the size of the torsion subgroup, the curve order and the finite field characteristic are of minimal Hamming weight. We modify the Chudnovsky elliptic curve point representation to settle a dedicated coordinate system for pairings and to minimize the number of operations in the finite field. The encouraging timing results obtained for the ST22 smart-card architecture show the feasibility of pairing primitives for embedded devices.

4.
A note on the Ate pairing
The Ate pairing has been suggested since it can be computed efficiently on ordinary elliptic curves with small values of the trace of Frobenius t. However, not all pairing-friendly elliptic curves have this property. In this paper, we generalize the Ate pairing and find a series of variations of the Ate pairing. We show that the shortest Miller loop of the variations of the Ate pairing can possibly be as small as r^{1/φ(k)} on some special pairing-friendly curves with large values of the Frobenius trace, and hence speed up the pairing computation significantly. This work is supported by the National Natural Science Foundation of China (No. 60773202, 60633030) and 973 Program (No. 2006CB303104).

5.
赵昌安 (Zhao Chang'an), 张方国 (Zhang Fangguo), 《软件学报》(Journal of Software), 2009, 20(11): 3001-3009
In recent years, bilinear pairings have found wide cryptographic application. The efficiency of these applications depends on the speed of pairing computation. This paper reviews, by category, existing progress on the efficient computation of bilinear pairings and points out possible directions for further work.

6.
In this paper two different approaches to the design of a reconfigurable Tate pairing hardware accelerator are presented. The first uses macro components based on a large, fixed number of underlying Galois field arithmetic units in parallel to minimise the computation time. The second is an area-efficient approach based on a small, variable number of underlying components. Both architectures are prototyped on an FPGA. Timing results for each architecture with various design parameters are presented.

7.
In the field of network information security, key agreement between server and client is essential. Certificateless public-key cryptography was proposed to overcome the key-escrow property of identity-based cryptography; it combines the advantages of the traditional certificate-based public-key system and the identity-based public-key system. Using the pairing operation on elliptic curves, this paper proposes a two-party certificateless key agreement protocol in which each party needs to compute only one pairing, and proves its security in the ECK model. Compared with other certificateless key agreement protocols, it offers both better security and better efficiency.

8.
To address the problem that previously proposed one-round key exchange schemes do not satisfy key-control security, a new identity-based key exchange scheme is proposed. The new scheme combines two basic key exchange schemes and forwards the key elements through the key management center, which effectively prevents key control; each session key generation requires only one pairing operation, so the efficiency is greatly improved over previous identity-based key exchange schemes.

9.
Computational algorithms for elliptic curve cryptosystems over composite fields
Computation algorithms for discrete-logarithm-based elliptic curve public-key protocols over finite fields are becoming a hot research topic. Their basic operation is scalar multiplication, i.e. multiplying a given point P on the elliptic curve by an integer, and the main cost of such protocols lies in this scalar multiplication. This paper gives three algorithms for efficient computation in elliptic curve cryptosystems: the first handles scalar multiplication using addition-subtraction chains; the second gives the NAF (non-adjacent form) of a positive integer n; the third applies a window method to NAF(n) to further improve the efficiency of the addition-subtraction chain. The combination of these three algorithms greatly improves the encryption/decryption speed of elliptic curve cryptosystems.

10.
Abstract

Pairings on elliptic curves are currently of great interest due to their applications in a number of cryptographic protocols such as identity-based encryption, group signatures, short signatures, and the tripartite Diffie-Hellman. Miller's algorithm is the most commonly used method of computing the Tate pairing. Denominator elimination can improve Miller's algorithm when the embedding degree has the form 2^i 3^j. However, if the embedding degree does not have the above form, how can the speed of Miller's algorithm be increased? In this article, the authors modified Miller's algorithm over Huff curves. It is about 20.38% faster than the original algorithm.

11.
The unique advantages of identity-based public-key cryptography have made it a new research hotspot following PKI-based public-key cryptography. The realization of identity-based cryptosystems rests on fast computation of bilinear pairings, and Miller's algorithm is an efficient algorithm for computing pairings. By combining the width-w NAF scalar multiplication algorithm with Miller's algorithm, this paper proposes a method that effectively increases the speed of pairing computation, reducing the number of addition operations in the double-and-add loop to 2/w of the original.

12.
Combining the Tate pairing on elliptic curves with a hybrid encryption system, a new signcryption algorithm is proposed that integrates key exchange, digital signature, and data encryption/decryption in one primitive. Taking the characteristics of short message systems into account, an encryption scheme suitable for short message systems is proposed based on this algorithm; it fully resists birthday attacks and is both secure and practical.

13.
Recently, Liu et al. [26] discovered that Certificateless Public Key Encryption (CL-PKE) is vulnerable to the Denial-of-Decryption (DoD) attack. Based on CL-PKC, the authors introduced a new paradigm called Self-Generated-Certificate Public Key Cryptography (SGC-PKC) that captures the DoD attack, and proposed the first scheme, derived from a novel application of Waters' Identity-Based Encryption scheme [43]. In this paper, we propose a new SGC-PKE scheme that does not depend on bilinear pairings and hence is more efficient and requires shorter public keys than Liu et al.'s scheme. More importantly, our scheme reaches Girault's trust level 3 [16] (cf. Girault's trust level 2 for Liu and Au's scheme), the same trust level achieved by a traditional PKI. In addition, we discuss how our scheme can lead to a secure and self-organized key management and authentication system for ad hoc wireless networks with a function of user-controlled key renewal.

14.
In a digital multisignature scheme, two or more signers are allowed to produce a single signature on a common message, which can be verified by anyone. In the literature, many schemes are available based on the public key infrastructure or on identity-based cryptosystems with bilinear pairing and a map-to-point (MTP) hash function. The bilinear pairing and the MTP function are time-consuming operations and they need a large supersingular elliptic curve group. Moreover, the cryptosystems based on them are difficult to implement and less efficient for practical use. To the best of our knowledge, a certificateless digital multisignature scheme without pairing and MTP hash function has not yet been devised, and that is the objective fulfilled in this paper. Furthermore, we formally prove the security of our scheme in the random oracle model under the assumption that the ECDLP is hard.

15.
David Kahn, Cryptologia, 2013, 37(3): 244-247
Abstract

The most popular encryption scheme based on elliptic curves is the Elliptic Curve Integrated Encryption Scheme (ECIES), which is included in ANSI X9.63, IEEE 1363a, ISO/IEC 18033-2, and SECG SEC 1. These standards offer many ECIES options, not always compatible, making it difficult to decide what parameters and cryptographic elements to use in a specific deployment scenario. In this work, the authors show that a secure and practical implementation of ECIES can only be compatible with two of the four previously mentioned standards. They also provide the list of functions and options that must be used in such an implementation. Finally, they present the results obtained when testing this ECIES version implemented as a Java application, which allows them to offer some comments about the performance and feasibility of their proposed solution.

16.
In this paper, new efficient pairings on genus 2 hyperelliptic curves of the form C: y^2 = x^5 + ax with embedding degree k satisfying 4 | k are constructed, which is an improvement on the results of Fan et al. (2008) [10]. Then a variant of Miller's algorithm is given to compute our pairings. In this algorithm, we only need to evaluate the Miller function at two divisors for each loop iteration, whereas Fan et al. had to compute the Miller function at four divisors. Moreover, compared with Fan et al.'s algorithm, the exponentiation calculation is simplified. We finally analyze the computational complexity of our pairings, which shows that our algorithm can save 2036m operations in the base field, or be 34.1% faster than Fan et al.'s algorithm. The experimental results show that our pairing achieves better performance.

17.
As an important cryptographic scheme, the signcryption scheme has been widely used in applications since it provides both signature and encryption. With the development of certificateless public key cryptography (CLPKC), many certificateless signcryption (CLSC) schemes using bilinear pairing have been proposed. Compared with other operations, the bilinear pairing operation is much more complicated. Therefore, a CLSC scheme without bilinear pairing is more suitable for applications. Recently, Jing et al. proposed a CLSC scheme without bilinear pairing and claimed their scheme is secure against two types of adversaries. In this paper, we show that their scheme provides neither the unforgeability property nor the confidentiality property. To improve security, we also propose a new CLSC scheme without pairing and demonstrate that it is provably secure in the random oracle model.

18.
Certificateless cryptography not only eliminates the certificate-management problem of traditional public-key cryptography, but also solves the key-escrow problem of identity-based cryptography. A signcryption scheme combines the functions of public-key encryption and digital signature, achieving both confidentiality and authenticity of a message at the same time. A new certificateless signcryption scheme is proposed; it requires one pairing operation during signcryption and only three pairing operations during unsigncryption. Compared with existing schemes, the new scheme is more efficient. In terms of security, it satisfies confidentiality, unforgeability and public verifiability.

19.
Because the pairing operation is computationally expensive, and because existing pairing-free key agreement protocols have a security flaw under leakage of the ephemeral session secret, a certificateless implicitly authenticated key agreement protocol that needs no pairing operation is proposed, and its security is proved in the random oracle model. The new protocol is based on the CDH assumption on elliptic curves and requires only three elliptic-curve point multiplications, so its computational cost is lower than that of other protocols of the same type. By using implicit authentication, the new protocol avoids the ephemeral-secret leakage flaw present in existing schemes.

20.
This paper analyzes the combined public key (CPK) technique for the elliptic-curve ElGamal cryptosystem. The new technique, based on seed public keys and key mapping, can generate an almost "unlimited" number of key pairs from a finite set of seed variables, and promises to solve the large-scale key management problem in large private networks. An application scheme for e-government is proposed and its security is analyzed.
