Results 1 - 10 of 39
Efficient non-interactive proof systems for bilinear groups
- In EUROCRYPT 2008, volume 4965 of LNCS
, 2008
Cited by 126 (7 self)
Non-interactive zero-knowledge proofs and non-interactive witness-indistinguishable proofs have played a significant role in the theory of cryptography. However, lack of efficiency has prevented them from being used in practice. One of the roots of this inefficiency is that non-interactive zero-knowledge proofs have been constructed for general NP-complete languages such as Circuit Satisfiability, causing an expensive blowup in the size of the statement when reducing it to a circuit. The contribution of this paper is a general methodology for constructing very simple and efficient non-interactive zero-knowledge proofs and non-interactive witness-indistinguishable proofs that work directly for groups with a bilinear map, without needing a reduction to Circuit Satisfiability. Groups with bilinear maps have enjoyed tremendous success in the field of cryptography in recent years and have been used to construct a plethora of protocols. This paper provides non-interactive witness-indistinguishable proofs and non-interactive zero-knowledge proofs that can be used in connection with these protocols. Our goal is to spread the use of non-interactive cryptographic proofs from mainly theoretical purposes to the large class of practical cryptographic protocols based on bilinear groups.
Hardware acceleration of the Tate pairing in characteristic three
, 2005
Cited by 17 (0 self)
Although identity based cryptography offers many functional advantages over conventional public key alternatives, the computational costs are significantly greater. The core computational task is evaluation of a bilinear map, or pairing, over elliptic curves. In this paper we prototype and evaluate polynomial and normal basis field arithmetic on an FPGA device and use it to construct a hardware accelerator for pairings over fields of characteristic three. The performance of our prototype improves roughly ten-fold on previously known hardware implementations and by orders of magnitude on the fastest known software implementation. As a result we reason that even on constrained devices one can usefully evaluate the pairing, a fact that gives credence to the idea that identity based cryptography is an ideal partner for identity aware smart-cards.
A Biometric Identity Based Signature Scheme
, 2004
Cited by 14 (2 self)
We describe an identity based signature scheme that uses biometric information to construct the public key. Such a scheme would be beneficial in a legal dispute over whether a contract had been signed or not by a user. A biometric reading provided by the alleged signer would be enough to verify the signature. We make use of Fuzzy extractors [7] to generate a key string from a biometric measurement.
Arithmetic Operators for Pairing-Based Cryptography
, 2007
Cited by 11 (4 self)
Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we first study an accelerator for the ηT pairing over F_3[x]/(x^97 + x^12 + 2). Our architecture is based on a unified arithmetic operator which performs addition, multiplication, and cubing over F_{3^97}. This design methodology allows us to design a compact coprocessor (1888 slices on a Virtex-II Pro 4 FPGA) which compares favorably with other solutions described in the open literature. We then describe ways to extend our approach to any characteristic and any extension field.
A Fault Attack on Pairing Based Cryptography
- IEEE TRANSACTIONS ON COMPUTERS
, 2006
Cited by 10 (0 self)
Current fault attacks against public key cryptography focus on traditional schemes such as RSA and ECC, and to a lesser extent primitives such as XTR. However, bilinear maps, or pairings, have presented theorists with a new and increasingly popular way of constructing cryptographic protocols. Most notably, this has resulted in efficient methods for Identity Based Encryption (IBE). Since identity based cryptography seems an ideal partner for identity aware devices such as smartcards, in this paper we examine the security of concrete pairing instantiations against fault attacks.
Algorithms and Arithmetic Operators for Computing the ηT Pairing in Characteristic Three
, 2008
Cited by 10 (6 self)
Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. With software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we discuss several algorithms to compute the ηT pairing in characteristic three and suggest further improvements. These algorithms involve addition, multiplication, cubing, inversion, and sometimes cube root extraction over F_{3^m}. We propose a hardware accelerator based on a unified arithmetic operator able to perform the operations required by a given algorithm. We describe the implementation of a compact coprocessor for the field F_{3^97} given by F_3[x]/(x^97 + x^12 + 2), which compares favorably with other solutions described in the open literature.
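The two entries above (Arithmetic Operators for Pairing-Based Cryptography, and Algorithms and Arithmetic Operators for Computing the ηT Pairing) both build their coprocessors around the same set of operations over F_{3^97} = F_3[x]/(x^97 + x^12 + 2): addition, multiplication, cubing, inversion and cube root extraction. The following is an added software example written for this page, not code from either paper: it represents an element as a list of 97 coefficients in {0,1,2}, uses schoolbook polynomial multiplication followed by reduction modulo x^97 + x^12 + 2, exploits the fact that cubing is F_3-linear (the Frobenius map) so that a cube root is 96 consecutive cubings, and inverts via Fermat (a^(3^97 - 2)). These representation and algorithm choices are assumptions made here for clarity; the papers' unified hardware operator is organised differently.

```python
# Added example (not from the papers): reference arithmetic in
# F_{3^97} = F_3[x]/(x^97 + x^12 + 2), the field used by the eta_T pairing
# coprocessors described above. Representation and algorithms are choices
# made here for readability, not the papers' hardware design.

M = 97  # extension degree: an element is a polynomial over F_3 of degree < M


def elem(coeffs):
    """Build a field element from {degree: coefficient}; a[i] holds the coefficient of x^i."""
    a = [0] * M
    for d, c in coeffs.items():
        if not 0 <= d < M:
            raise ValueError("degree out of range")
        a[d] = c % 3
    return a


ZERO = elem({})
ONE = elem({0: 1})


def add(a, b):
    return [(x + y) % 3 for x, y in zip(a, b)]


def neg(a):
    return [(-x) % 3 for x in a]


def sub(a, b):
    return add(a, neg(b))


def reduce_mod(c):
    """Reduce a coefficient list of any length modulo x^97 + x^12 + 2.

    Over F_3 the modulus gives x^97 = -x^12 - 2 = 2*x^12 + 1, so a term
    t*x^i with i >= 97 becomes 2t*x^(i-85) + t*x^(i-97). Clearing degrees
    from the top down keeps every rewritten index strictly below the one
    just cleared, so a single downward pass suffices.
    """
    c = list(c)
    for i in range(len(c) - 1, M - 1, -1):
        t = c[i]
        if t:
            c[i] = 0
            c[i - M + 12] = (c[i - M + 12] + 2 * t) % 3
            c[i - M] = (c[i - M] + t) % 3
    out = c[:M]
    return out + [0] * (M - len(out))


def mul(a, b):
    """Schoolbook product of two elements, then reduction."""
    c = [0] * (2 * M - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                c[i + j] = (c[i + j] + ai * bj) % 3
    return reduce_mod(c)


def cube(a):
    """Frobenius map: in characteristic 3, (sum a_i x^i)^3 = sum a_i x^(3i)."""
    c = [0] * (3 * (M - 1) + 1)
    for i, ai in enumerate(a):
        c[3 * i] = ai
    return reduce_mod(c)


def cube_root(a):
    """Cubing is a bijection on F_{3^M}, and cube^M is the identity (Fermat),
    so the inverse of one cubing is M-1 further cubings."""
    for _ in range(M - 1):
        a = cube(a)
    return a


def power(a, e):
    """Square-and-multiply exponentiation by a non-negative integer."""
    r, base = ONE, a
    while e:
        if e & 1:
            r = mul(r, base)
        base = mul(base, base)
        e >>= 1
    return r


def inv(a):
    """Inverse via Fermat: a^(q-2) with q = 3^M (requires the modulus to be irreducible)."""
    if a == ZERO:
        raise ZeroDivisionError("zero has no inverse")
    return power(a, 3 ** M - 2)


if __name__ == "__main__":
    # Constructed sample element: 2 + x + x^50 + 2x^96
    a = elem({0: 2, 1: 1, 50: 1, 96: 2})
    print("a * a^-1 == 1:", mul(a, inv(a)) == ONE)
    print("cube == a*a*a:", cube(a) == mul(a, mul(a, a)))
    print("cbrt(a)^3 == a:", cube(cube_root(a)) == a)
```

The cube-root-by-repeated-cubing shortcut only works because the Frobenius map is a bijection on a finite field; a dedicated cube-root unit, as the papers discuss, exists because 96 serial cubings are still far slower than one multiplication in hardware.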
Security considerations and key negotiation techniques for power constrained sensor networks
- The Computer Journal (Oxford University Press)
, 2006
Cited by 9 (0 self)
Sensor networks are becoming increasingly important for a wide variety of applications including environmental monitoring, building safety and emergency relief services. A typical sensor network consists of a large number of small, low-power, low-cost nodes that form a self-organized network using wireless peer-to-peer communication. Because sensor networks pose unique constraints on their operation, traditional security techniques used by conventional networks cannot be applied. In this paper we consider the operational issues and security threats to sensor networks. We discuss the state of the art in terms of sensor network security and we examine the practicality of using efficient elliptic curve algorithms and identity based encryption to deploy a secure sensor network infrastructure. We evaluate the potential for realizing this on low-power, long-life devices by measuring power consumption of the operations needed for key management in a sensor network and thus provide further evidence for the feasibility of the approach. Keywords: I.2.9 Robotics: Sensors, C.2 Networks: Security, E.3 Encryption: Public Key Cryptosystems
Fast Architectures for the ηT Pairing over Small-Characteristic Supersingular Elliptic Curves
, 2011
Cited by 8 (4 self)
This paper is devoted to the design of fast parallel accelerators for the cryptographic ηT pairing on supersingular elliptic curves over finite fields of characteristics two and three. We propose here a novel hardware implementation of Miller's algorithm based on a parallel pipelined Karatsuba multiplier. After a short description of the strategies that we considered to design our multiplier, we point out the intrinsic parallelism of Miller's loop and outline the architecture of coprocessors for the ηT pairing over F_{2^m} and F_{3^m}. Thanks to a careful choice of algorithms for the tower field arithmetic associated with the ηT pairing, we manage to keep the pipelined multiplier at the heart of each coprocessor busy. A final exponentiation is still required to obtain a unique value, which is desirable in most cryptographic protocols. We supplement our pairing accelerators with a coprocessor responsible for this task. An improved exponentiation algorithm allows us to save hardware resources. According to our place-and-route results on Xilinx FPGAs, our designs improve both the computation time and the area-time trade-off compared to previously published coprocessors. Index Terms: Tate pairing,
Instruction Set Extensions for Pairing-Based Cryptography
, 2007
Cited by 5 (3 self)
A series of recent algorithmic advances has delivered highly effective methods for pairing evaluation and parameter generation. However, the resulting multitude of options means many different variations of base field must ideally be supported on the target platform. Typical hardware accelerators in the form of co-processors possess neither the flexibility nor the scalability to support fields of different characteristic and order. On the other hand, extending the instruction set of a general-purpose processor with custom instructions for field arithmetic allows one to combine the performance of hardware with the flexibility of software. To this end, we investigate the integration of a tri-field multiply-accumulate (MAC) unit into a SPARC V8 processor core to support arithmetic in F_p, F_{2^n} and F_{3^n}. Besides integer multiplication, the MAC unit can also execute dedicated multiply and MAC instructions for binary and ternary polynomials. Our results show that the tri-field MAC unit adds only a small size overhead while significantly accelerating arithmetic in F_{2^n} and F_{3^n}, which sheds new light on the relative performance of F_p, F_{2^n} and F_{3^n} in the context of pairing-based cryptography.
Java Card Key Generation for Identity Based Systems
, 2005
Cited by 3 (0 self)
Identity based encryption and signature schemes are public key schemes where an identity, such as an arbitrary string like an email address or biometric data, is the basis for the public key. Identity Based Encryption requires the use of a Private Key Generator that creates an associated private key given a public key generated from the identity and a secret master key. The security of such a system depends on keeping the master key secret. Identity Based Signature schemes are subtly different but still require the secure generation of a key. We design and develop on-card software to perform multiple precision arithmetic and elliptic curve arithmetic over finite fields required for the implementation of Identity Based Encryption and Signature schemes. We also develop Java Card applets to enable secure key generation. This allows for a portable private key generator so that, for example, a system administrator can securely generate and distribute private keys to potential users at their terminal after performing appropriate authentication procedures. We also show how our system can easily accommodate new algorithms with minimal re-engineering. We then outline how this can be used to counteract specified attacks on the card including side channel attacks.