A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto.

Slides:

Advertisements

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Advertisements

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Lecture 8: Lattices and Elliptic Curves

7. Asymmetric encryption-

Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups Masayuki Abe, NTT Jens Groth, University College London Kristiyan Haralambiev, NYU.

Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.

Identity Based Encryption

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Hidden pairings and trapdoor DDH groups Alexander W. Dent Joint work with Steven D. Galbraith.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.

APPLICATIONS OF POLYNOMIALS IN CRYPTOGRAPHY

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Public Key Model 8. Cryptography part 2.

1 CIS 5371 Cryptography 8. Asymmetric encryption-.

By Jyh-haw Yeh Boise State University ICIKM 2013.

-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.

By Abhijith Chandrashekar and Dushyant Maheshwary.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

Elliptic Curve Cryptography

1 AN EFFICIENT METHOD FOR FACTORING RABIN SCHEME SATTAR J ABOUD 1, 2 MAMOUN S. AL RABABAA and MOHAMMAD A AL-FAYOUMI 1 1 Middle East University for Graduate.

By: Er. Sukhwinder kaur.  Computation Computation  Algorithm Algorithm  Objectives Objectives  What do we study in Theory of Computation ? What do.

An Efficient Identity-based Cryptosystem for

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.

Asymmetric Key Signatures David Evans and Samee Zahur CS4501, Fall 2015.

Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,

Elliptical Curve Cryptography Manish Kumar Roll No - 43 CS-A, S-7 SOE, CUSAT.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.)

General Attacks on Elliptic Curve Based Cryptosystems Merabi Chicvashvili Ron Ryvchin Project Advisor: Barukh Ziv Spring 2014.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Controlled Algebras and GII’s Ronald L. Rivest MIT CSAIL IPAM Workshop October 9, 2006.

A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University.

Scott CH Huang COM 5336 Cryptography Lecture 6 Public Key Cryptography & RSA Scott CH Huang COM 5336 Cryptography Lecture 6.

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

AGC DSP AGC DSP Professor A G Constantinides©1 Signal Spaces The purpose of this part of the course is to introduce the basic concepts behind generalised.

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.

Introduction PreparationMain result Conclusion A Method for Constructing A Self-Dual Normal Basis in Odd Characteristic Extension Field Department of Communication.

Elliptic Curve Cryptography Celia Li Computer Science and Engineering November 10, 2005.

On the Notion of Pseudo-Free Groups Ronald L. Rivest MIT Computer Science and Artificial Intelligence Laboratory TCC 2/21/2004.

11 RSA Variants.  Scheme ◦ Select s.t. p and q = 3 mod 4 ◦ n=pq, public key =n, private key =p,q ◦ y= e k (x)=x (x+b) mod n ◦ x=d k (y)=  y mod n.

Weaknesses in the Generic Group Model

Self-Blindable Credential Certificates from the Weil Pairing Eric R. Verheul April 9, 2004 SCLab Jinhae Kim.

RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.

MAT 2401 Linear Algebra 4.2 Vector Spaces

INCS 741: Cryptography Overview and Basic Concepts.

Final Outline Shang-Hua Teng. Problem 1: Multiple Choices 16 points There might be more than one correct answers; So you should try to mark them all.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)

Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.

On the Notion of Pseudo-Free Groups

An Introduction to Pairing Based Cryptography

Public Key Cryptosystem

Network Security Design Fundamentals Lecture-13

Attribute Based Encryption

Attack on Fully Homomorphic Encryption over Principal Ideal Lattice

An Introduction to Pairing Based Cryptography

Cryptography Lecture 23.

Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces

Cryptology Design Fundamentals

ID-based Signatures from Pairings on Elliptic Curves

Cryptography Lecture 19.

Network Security Design Fundamentals Lecture-13

Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.

How to Use Charm Crypto Lib

Presentation transcript:

A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto

Are Alfred Menezes, O. and Scott Vanstone such persons by their attack to ECC in 1990? No, it is not true! Who Used Bilinear Pairings in Cryptography for the First Time?

Unsung Hero in Pairing-Based Cryptography Burt Kaliski In his PhD thesis in 1988, he did a pioneer work on bilinear pairings for a cryptographic application.

Contents  A general construction of pseudo- random generators over general Abelian groups.  A typical example: construction on general elliptic curves.  It is necessary to determine the group structure of the underlying curve. Weil pairing is employed.

MOV Reduction  1988: PhD Thesis of B. Kaliski  1990: Menezes, O. and Vanstone read his thesis and learnt the cryptographic application of the Weil pairing and Miller ’ s algorithm. We then found the reduction of ECDL to MDL by using the Weil pairing.

Reply message from Kaliski  Victor Miller visited Ron Rivest when I was a graduate student, and he met with me about my research. If I recall correctly, I asked him if he knew a way to determine whether an elliptic curve group was cyclic, and he suggested the Weil pairing. He also gave me a copy of his algorithm for computing the Weil pairing, and agreed that I could implement it for my thesis.

A New Approach on Bilinear Pairings and Its Applications Joint Work with Katsuyuki Takashima (Mitsubishi Electric)

Pairing-Based Cryptography

Why Did Pairing-Based Cryptography So Succeed? Mathematically Richer Structure  Traditional Crypto: g enus 0  Pairing-Based Crypto: genus 1 (e.g., Multiplicative group) (e.g., pairing-friendly elliptic curve group)

Additional Math Structure with Pairings  Traditional Techniques over Cyclic Groups  Pairing  Additional Structure as well as the Above Properties

New Approach on Pairings : Constructing a Richer Structure from Pairing Groups

Pairing Groups

The Most Natural Way to Make a Richer Algebraic Structure from Pairing Groups Direct Product of Pairing Groups

 Vector Addition  Scalar multiplication N- Dimensional Vector Spaces:

Canonical Bases Element Expression on Canonical Basis

Duality e e

Orthonormality

Base Change

Trapdoor hard easy

Special Case: Self-Duality

Abstraction: Dual Pairing Vector Spaces (DPVS)

Construction of Dual Pairing Vector Spaces:  Direct product of pairing groups (e.g., product of elliptic curves)  Jocobian of supersingular hyperelliptic curves [Takashima, ANTS’08]

Intractable Problems in DPVS Suitable for Cryptographic Applications Vector Decomposition Problem (VDP) Decisional VDP (DVDP) Decisional Subspace Problem (DSP)

Vector Decomposition Problem (VDP) hard

Special Case of Vector Decomposition Problem (VDP) easy

[Yoshida, Mitsunari and Fujiwara 2003], [Yoshida 2003] Introduced VDP on elliptic curves. History of Vector Decomposition Problem (VDP)

[Duursma and Kiyavash 2005], [Duursma and Park 2006], VDP on hyperelliptic curves, higher dimensional ElGamal-type signatures History of Vector Decomposition Problem (VDP)

[Galbraith and Verheul, PKC 2008] Introduced “ distortion eigenvector basis ” for VDP on elliptic curves. History of Vector Decomposition Problem (VDP)

O. and Takashima (Pairing 2008): Introduced more general notion, “ distortion eigenvector spaces ”, for higher dimensional spaces, and showed several cryptographic applications. We also extended the concept to “ dual pairing vector spaces ” (Aisiacrypt 2009) for VDP and other problems, and showed an application to predicate encryption. History of Vector Decomposition Problem (VDP)

Trapdoor of VDP: Algorithm Deco

Decisional VDP (DVDP) 11 Adv DVDP Assumption

Decisional Subspace Problem (DSP) 11 Adv DSP Assumption

0 0 Relations with DDH and DLIN Problems

Trapdoors for DVDP and DSP  Algorithm Deco with X  Pairing with  Hierarchy of trapdoors (Top level trapdoor)

Related Works and Properties

Application to Cryptography

Multivariate Homomorphic Encryption Homomorphic property

Multivariate Homomorphic Encryption

Predicate Encryption Scheme

Summary  A new approach on bilinear pairing: Dual pairing vector spaces - enjoy richer algebraic structures  Cryptographic applications: - predicate encryption for inner- products - more …

Thank you!