Download presentation
Presentation is loading. Please wait.
Published byBarnaby Bradley Modified over 9 years ago
1
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security terence@voltage.com
2
Overview What is a Pairing? Pairing-based Crypto Applications Pairing-based Crypto Standards
3
What is a Pairing? An old mathematical idea It “pairs” elliptic curve points Has a very interesting property called bilinearity: Pair(aB, cD) = Pair(cB, aD) This property makes for a powerful new cryptographic primitive Popular cryptographic research area (200+ papers)
4
What can Pairings do? Identity based encryption Encryption where any string (like an email address) can be a public key Identity based key exchange Key exchange using identities Short signatures 160-bit signatures Searchable encryption, and others
5
Identity-Based Encryption (IBE) IBE is an old idea Originally proposed by Adi Shamir, co-inventor of the RSA Algorithm in 1984 Fundamental problem: can any string be used as a public key? Practical implementation: Boneh-Franklin Algorithm published at Crypto 2001 First efficient, provably secure IBE scheme
6
Identity-Based Encryption (IBE) The ability to use any string makes key management easier IBE Public Key: alice@gmail.com RSA Public Key: Public exponent=0x10001 Modulus=13506641086599522334960321627880596993888147 560566702752448514385152651060485953383394028715 057190944179820728216447155137368041970396419174 304649658927425623934102086438320211037295872576 235850964311056407350150818751067659462920556368 552947521350085287941637732853390610975054433499 9811150056977236890927563
7
How IBE works in practice Alice sends a Message to Bob bob@b.com Key Server Alice encrypts with bob@b.com 1 Requests private key, authenticat es 2 Receives Private Key for bob@b.com 3 Bob decrypts with Private Key 4 alice@a.co m bob@b.com
8
How IBE works in practice Charlie sends a Message to Bob bob@b.com Charlie encrypts with bob@b.com 1 Bob decrypts with Private Key 2 charlie@c.co m Fully off-line - no connection to server required bob@b.com Key Server
9
How Pairings Lead to IBE Setup Key generator generates secret s, random P Gives everyone P, sP Encryption Alice hashes Bob@b.com -> IDBob@b.com Encrypt message with k = Pair(rID, sP) Send encrypted message and rP Key Generation Bob authenticates, asks for private key Key generator gives back sID Decrypt Bob decrypts with k = Pair(sID, rP) Bob’s k and Alice’s k are identical
10
IBE’s Operational Characteristics Easy cross-domain encryption No per-user databases No per-user queries to find keys State of the system does not grow per user Key recovery Accomodates content scanning, anti-virus, archiving and other regulatory mechanisms Keys still under control of enterprise Fine-grained key control Easy to change authentication policy over time Revocation handled without CRLs
11
Sweet Spots for IBE Encryption Inside and outside the organization Sweet Spots for PKI Authentication Signing Inside the organization IBE and PKI - Complementary Strengths PKI Maximum protection Works well for signing/authentication Requires roll-out generate keys for users Certificate managment Identity-Based Encryption Good for encryption no key-lookup revocation is easy Ad-hoc capable requires no pre-enrollment Content scanning easy
12
Other Pairing Applications Short Signatures BLS scheme and others yield 160-bit signatures Half the size of DSA signatures Have other interesting properties Can aggregate signatures Allows, for example, a single signature on a cert chain Verifiable encrypted signatures Use in fair exchange, other protocols Searchable Encryption Key Exchange
13
Standards Activities IEEE Study Group formed last Monday, as part of the P1363 Group Goal is writing and submitting a PAR, defining the mission of the standards group 24 participants from various countries and industries Technical content drafts soon Pairings module: Hovav Shacham, Stanford IBE module: Mike Scott, Dublin City University Draft PAR agreed, to be submitted
14
Standards Philosophy Model after past IEEE cryptographic standards Standardize algorithms, but not protocols e.g. formats for IBE encrypted email would be part of a different standard Don’t block future standards based on PBC Allow for amendments that build on parts of this standard Separate IBE and PBC layers Limit scope to keep the task manageable Focus on one set of algorithms, split off other types of algorithms into separate standards
15
Proposed Structure of an PBC/IBE Standard Pairing Based Crypto Layer and Algorithm Layers Identity-Based Encryption Pairing Based Cryptography e.g. pairing, algorithms to compute pairings, curve types, curve parameters IBE based Protocols e.g. IBE email, key request etc. Identity based key exchange Signatures 1363 Other stds
16
Current Discussion Points Scaling Security to 128/256 bits Separation between pairing layer and crypto methods Curve families for embedded and hardware implementation
17
For More Information On 1363 activities: http://grouper.ieee.org/groups/1363/WorkingGroup/ On pairing based crypto Paulo Barreto’s Pairing Based Crypto Lounge http://paginas.terra.com.br/informatica/paulobarreto/pblounge.htm On IBE http://crypto.stanford.edu/ibe/ http://www.voltage.com
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.