Results 1 - 10
of
171
Identity-Based Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract
-
Cited by 1748 (28 self)
- Add to MetaCart
(Show Context)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Short signatures from the Weil pairing
, 2001
"... We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures ar ..."
Abstract
-
Cited by 755 (25 self)
- Add to MetaCart
(Show Context)
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Improved proxy re-encryption schemes with applications to secure distributed storage
- IN NDSS
, 2005
"... In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy re-encryption, in which a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popu ..."
Abstract
-
Cited by 203 (15 self)
- Add to MetaCart
In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy re-encryption, in which a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption has been hindered by considerable security risks. Following recent work of Ivan and Dodis, we present new re-encryption schemes that realize a stronger notion of security and we demonstrate the usefulness of proxy reencryption as a method of adding access control to the SFS read-only file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.
Efficient Pairing Computation on Supersingular Abelian Varieties
- Designs, Codes and Cryptography
, 2004
"... We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and ..."
Abstract
-
Cited by 179 (25 self)
- Add to MetaCart
(Show Context)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
ID-Based Blind Signature and Ring Signature from Pairings
- Proc. of Asiacrpt2002, LNCS 2501
, 2002
"... Recently the bilinear pairing such as Weil pairing or Tate pairing on elliptic curves and hyperelliptic curves have been found various applications in cryptography. Several identity-based (simply ID-based) cryptosystems using bilinear pairings of elliptic curves or hyperelliptic curves were presente ..."
Abstract
-
Cited by 99 (13 self)
- Add to MetaCart
(Show Context)
Recently the bilinear pairing such as Weil pairing or Tate pairing on elliptic curves and hyperelliptic curves have been found various applications in cryptography. Several identity-based (simply ID-based) cryptosystems using bilinear pairings of elliptic curves or hyperelliptic curves were presented. Blind signature and ring signature are very useful to provide the user's anonymity and the signer's privacy. They are playing an important role in building e-commerce. In this paper, we firstly propose an ID-based blind signature scheme and an ID-based ring signature scheme, both of which are based on the bilinear pairings. Also we analyze their security and e#ciency.
An efficient signature scheme from bilinear pairings and its applications
- PKC 2004
, 2004
"... ... a short signature scheme (BLS scheme) using bilinear pairing on certain elliptic and hyperelliptic curves. Subsequently numerous cryptographic schemes based on BLS signature scheme were proposed. BLS short signature needs a special hash function [6, 1, 8]. This hash function is probabilistic and ..."
Abstract
-
Cited by 76 (12 self)
- Add to MetaCart
(Show Context)
... a short signature scheme (BLS scheme) using bilinear pairing on certain elliptic and hyperelliptic curves. Subsequently numerous cryptographic schemes based on BLS signature scheme were proposed. BLS short signature needs a special hash function [6, 1, 8]. This hash function is probabilistic and generally inefficient. In this paper, we propose a new short signature scheme from the bilinear pairings that unlike BLS, uses general cryptographic hash functions such as SHA-1 or MD5, and does not require special hash functions. Furthermore, the scheme requires less pairing operations than BLS scheme and so is more efficient than BLS scheme. We use this signature scheme to construct a ring signature scheme and a new method for delegation. We give the security proofs for the new signature scheme and the ring signature scheme in the random oracle model.
Multipurpose Identity-Based Signcryption - A Swiss Army Knife for Identity-Based Cryptography
- In Proc. CRYPTO 2003
, 2003
"... Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certi cates for their public keys|instead, public keys can be arbitrary identi ers such as email addresses, while private keys are deri ..."
Abstract
-
Cited by 72 (2 self)
- Add to MetaCart
(Show Context)
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certi cates for their public keys|instead, public keys can be arbitrary identi ers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the urry of recent results on IB encryption and signature, some questions regarding the security and eciency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered.
Identity Based Authenticated Key Agreement Protocols from Pairings
- In: Proc. 16th IEEE Security Foundations Workshop
, 2002
"... We investigate a number of issues related to identity based authenticated key agreement protocols in the Diffie-Hellman family enabled by the Weil or Tate pairings. These issues include how to make protocols efficient; to avoid key escrow by a Trust Authority (TA) who issues identity based private k ..."
Abstract
-
Cited by 67 (2 self)
- Add to MetaCart
We investigate a number of issues related to identity based authenticated key agreement protocols in the Diffie-Hellman family enabled by the Weil or Tate pairings. These issues include how to make protocols efficient; to avoid key escrow by a Trust Authority (TA) who issues identity based private keys for users, and to allow users to use different TAs. We describe a few authenticated key agreement (AK) protocols and AK with key confirmation (AKC) protocols by modifying Smart's AK protocol [Sm02]. We discuss the security of these protocols heuristically and give formal proofs of security for our AK and AKC protocols (using a security model based on the model defined in [BJM97]). We also prove that our AK protocol has the key compromise impersonation property. We also show that our second protocol has the TA forward secrecy property (which we define to mean that the compromise of the TA's private key will not compromise previously established session keys), and we note that this also implies that it has the perfect forward secrecy property.
An efficient signature-based scheme for securing network coding against pollution attacks
- In Proceedings of INFOCOM 08
, 2008
"... Abstract — Network coding provides the possibility to maxi-mize network throughput and receives various applications in traditional computer networks, wireless sensor networks and peer-to-peer systems. However, the applications built on top of network coding are vulnerable to pollution attacks, in w ..."
Abstract
-
Cited by 63 (1 self)
- Add to MetaCart
(Show Context)
Abstract — Network coding provides the possibility to maxi-mize network throughput and receives various applications in traditional computer networks, wireless sensor networks and peer-to-peer systems. However, the applications built on top of network coding are vulnerable to pollution attacks, in which the compromised forwarders can inject polluted or forged messages into networks. Existing schemes addressing pollution attacks either require an extra secure channel or incur high computation overhead. In this paper, we propose an efficient signature-based scheme to detect and filter pollution attacks for the applications adopting linear network coding techniques. Our scheme exploits a novel homomorphic signature function to enable the source to delegate its signing authority to forwarders, that is, the forwarders can generate the signatures for their output messages without contacting the source. This nice property allows the forwarders to verify the received messages, but prohibit them from creating the valid signatures for polluted or forged ones. Our scheme does not need any extra secure channels, and can provide source authentication and batch verification. Experimen-tal results show that it can improve computation efficiency up to ten times compared to some existing one. In addition, we present an alternate lightweight scheme based on a much simpler linear signature function. This alternate scheme provides a tradeoff between computation efficiency and security. I.
Constructing Elliptic Curves with Prescribed Embedding Degrees
, 2002
"... Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but smal ..."
Abstract
-
Cited by 62 (17 self)
- Add to MetaCart
Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree is usually enormous, and the scarce previously known suitable elliptic groups had embedding degree k <= 6. In this note, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.