Abstract. The Weil and Tate pairings are a popular new gadget in cryptography and have found many applications, including identity-based cryptography. In particular, the pairings have been used for key exchange protocols. This paper studies the bit security of keys obtained using protocols based on pairings (that is, we show that obtaining certain bits of the common key is as hard as computing the entire key). These results are valuable as they give insight into how many \hard-core " bits can be obtained from key exchange using pairings. 1
|
569
|
Identity-based encryption from the Weil pairing
– Boneh, Franklin
- 2001
|
|
209
|
Reducing elliptic curve logarithms to logarithms in a finite field
– Menezes, Okamoto, et al.
- 1993
|
|
150
|
A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves
– Frey, Rück
- 1994
|
|
109
|
Cryptosystems based on pairing
– Sakai, Ohgishi, et al.
- 2000
|
|
75
|
Supersingular curves in cryptography
– Galbraith
- 2001
|
|
62
|
An identity based authenticated key agreement protocol based on the Weil pairing
– Smart
- 2002
|
|
60
|
Evidence that XTR is more secure than supersingular elliptic curve cryptosystems
– Verheul
- 2001
|
|
44
|
The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems
– Joux
- 2002
|
|
41
|
Constructing elliptic curves with prescribed embedding degrees
– Barreto, Lynn, et al.
- 2002
|
|
39
|
A one round protocol for tripartite Die-Hellman
– Joux
- 2000
|
|
35
|
Supersingular Abelian Varieties in Cryptology
– Rubin, Silverberg
- 2002
|
|
22
|
Authenticated Three Party Key Agreement Protocols from Pairings, Information security group
– Al-Riyami, Paterson
- 2002
|
|
19
|
Shifted primes without large prime factors
– Baker, Harman
- 1998
|
|
16
|
Short programs for functions on curves
– Miller
- 1986
|
|
13
|
A survey of hard core functions
– Vasco, Naslund
- 2000
|
|
12
|
On the security of Di#e--Hellman bits
– Vasco, Shparlinski
- 2000
|
|
10
|
The modular inversion hidden number problem
– Boneh, Halevi, et al.
- 2001
|
|
10
|
Hidden number problem with hidden multipliers, timed-release crypto and noisy exponentiation
– Howgrave-Graham, Nguyen, et al.
|
|
9
|
The hidden number problem with the trace and bit security of
– Li, Naslund, et al.
- 2002
|
|
9
|
On the generalized hidden number problem and bit security of XTR
– Shparlinski
- 2001
|
|
8
|
Hardness of computing the most signi bits of secret keys in Die-Hellman and related schemes
– Boneh, Venkatesan
- 1996
|
|
8
|
Finite
– Lidl, Niederreiter
- 1997
|
|
6
|
Complexity bounds on general hard-core predicates
– Goldman, Naslund, et al.
|
|
6
|
Security of almost all discrete log bits
– Schnorr
- 1998
|
|
5
|
On the unpredictability of bits of the elliptic curve Di#e--Hellman scheme
– Boneh, Shparlinski
- 2001
|
|
4
|
The security of individual RSA and discrete log bits
– Hastad, Naslund
|
|
2
|
Building curves with small MOV degree over prime Cryptology ePrint Archive, Report 2002/57
– Dupont, Enge, et al.
|
|
2
|
Security of the most signi bits of the Shamir message passing scheme
– Vasco, Shparlinski
|
|
