The existence of nondegenerate, bilinear maps on elliptic curves, called pairings, allow the. Pdf computing bilinear pairings on elliptic curves with. Elliptic curves, automorphism, pairing based cryptography, weil pairing. Indeed, elliptic curves are the main object on which cryptographic pairings take place, so this.
In recent years, many applications of elliptic curves to cryptography have been developed. Identity based cryptography from bilinear pairings by manuel bernardo barbosa abstract this report contains an overview of two related areas of research in cryptography which have been proli. Contributions to public key cryptography and key agreement protocols this thesis introduces the concept of certi. The parameter k is called the embedding degree of the elliptic curve. Pairings on elliptic curves ii elliptic curve cryptography. Implementation of bilinear pairings over elliptic curves with. Cryptosystems based on groups of rational points on elliptic curves allow more efficient alternatives to finite field cryptography, which usually requires groups with larger cardinality and lower efficiency.
For the first time in the literature, the three different definitions of the weil pairing. Springer new york berlin heidelberg hong kong london milan paris tokyo. Jul 09, 2012 pairings weil pairing on elliptic curves tate pairing on elliptic curves squared weil and tate pairings optimal ate pairing eta pairing and generalized forms all these for jacobians hyperelliptic curves. Oct 19, 2010 pairings on elliptic curves parameter selection and ef. For pairings to be effective, special kind of elliptic curves are required. Pdf speeding up the bilinear pairings computation on curves. Bilinear maps are called pairings because they associate pairs. Here we introduce bilinear pairings mathematically. Elliptic curves, automorphism, pairing based cryptography, weil pairing 1 introduction bilinear pairings play an important role in cryptographic protocols 22. Pairings on elliptic curves the equivalence is shown in theorem 4 of the extended and unpublished version of hess 282, and in section 11. I assume i exists subgroup ef qr of large prime order r 6 q. In the world of elliptic curve cryptography, the pairing was initially considered as negative property. We give an elementary and selfcontained introduction to pairings on elliptic curves over finite fields. This chapter describes the discrete logarithm problem for hyperelliptic curve and how bilinear pairings are related to this.
Speeding up the bilinear pairings computation on curves with. Tate pairings on elliptic curves over nite elds have been considered 24. An introduction to pairingbased cryptography mathematics. On a 160 bit curve this means type g will give you 1600 bit dlog security and type f curves will give you 1920 bit dlog security. Computing bilinear pairings on elliptic curves with. China 2 school of information science and technology, sun yatsen university, guangzhou 510275, p. The bilinear map e will be derived either from the modified weil pairing or from the tate pairing over a finite field. We then introduce bilinear groups of composite order and how they are used to create pairingbased cryptosystems. In this paper, we present a novel method for constructing a superoptimal pairing with great efficiency, which we call the omega pairing. Suitable bilinear pairings can be constructed from the tate pairing for specially chosen elliptic curves. Recently there has been research into computing pairings on other models of elliptic curves. I assume i exists subgroup ef q of large prime order 6 q. We give an elementary and selfcontained introduction to pairings on elliptic curves over. All schemes in this paper can work on any gdh group.
We present two cryptosystems using compositeorder groups. A bilinear pairing is a mapping of a pair of points on an elliptic curve defined on any field f to an element of the multiplicative group of a finite. A more comprehensive description about bilinear pairings, selection of elliptic curves and suitable parameters and group formation can be found in boneh and franklin, 2001, boneh et al. The computation of the omega pairing requires the simple final exponentiation and short loop length in millers algorithm which leads to a significant improvement over the previously known techniques on certain pairing friendly curves. The remainder of the paper is organized as follows.
Dec 11, 2009 applications of pairings in cryptography attack dlbased cryptography on elliptic curves menezesokamotovanstone1993, freyruck1994. Constructing pairingfriendly elliptic curves for cryptography david freeman university of california, berkeley, usa 2nd kiaskms summer workshop on cryptography seoul, korea 30 june 2007 david freeman constructing pairingfriendly elliptic curves for cryptography. Cryptographic schemes based on elliptic curve pairings. In chapter 3 we introduce the important concept of divisors, as well as other essential theory from algebraic geometry that is needed to properly understand cryptographic pairings.
There has also been a tremendous amount of work on the realization and e. Bilinear groups finite groups on certain elliptic curves with special function called bilinear map can build enc schemes on bilinear groups. The thesis also contains required preliminaries from algebraic geometry and number theory. Jan 23, 20 we give an elementary and selfcontained introduction to pairings on elliptic curves over finite fields. Qpcq k 1n where c p k 1 i0 t k 1 iqi kqk 1 mod r i for r l, the ate pairing is nondegenerate fr. This article gives an introduction to the protocols, tate. New and e cient idbased signature scheme with message. Pairings on elliptic curves have become very popular in the decade due to the possibility of implementing modern cryptographic schemes and protocols based on the pairings. Pdf bilinear pairings on lemniscates curve researchgate. Jan 16, 2017 elliptic curve pairings or bilinear maps are a recent addition to a 30yearlong history of using elliptic curves for cryptographic applications including encryption and digital signatures.
A short note on cryptography using elliptic curves. Bilinear pairings of elliptic curves tjerand silde. Bilinear pairings play an important role in cryptographic protocols 22. So type f curves are superior from that perspective. Bilinear pairings transport the discrete logarithm problem from a curve defined over a fi nite field into. Oneround tripartite key agreement joux2000, identitybased, noninteractive key agreement ohgishikasahara2000. Pairing based cryptographic schemes derived on elliptic curves. The pairing is considered to be secure if taking discrete logarithms. G 1 x g 1 g 2, with a secret, s, a group element, p, in g 1 create a public key pair p, qsp need a cryptographic hash function h to hash.
Elliptic curves, second edition dale husemoller springer springer new york berlin heidelberg hong kong london milan paris tokyo. Elliptic curve pairings or bilinear maps are a recent addition to a 30yearlong history of using elliptic curves for cryptographic applications including encryption and digital signatures. Efficient generation of pairing friendly elliptic curves. Lauridsen technical university of denmark february, 2016 1 introduction in this short note, we introduce the basic concepts of elliptic curves, bilinear parings and lattices. Some applications of pairings in elliptic curve cryptography have already been. Computing bilinear pairings on elliptic curves with automorphisms.
From bilinear pairing, we can obtain the gdh group. Elliptic curve pairings are then used to make concrete clpkc schemes and are also used to make other e. Type g curves have an embedding degree of 10 and type f curves bn curves an embedding degree of 12. In a cryptographic context bilinear pairings on elliptic curves were first used to attack the elliptic. Pairings on elliptic curves i elliptic curve cryptography. Constructing families of pairingfriendly elliptic curves. Computing bilinear pairings on elliptic curves with automorphisms article pdf available in designs codes and cryptography 581. Note that these two examples fall in the first two classes of supersingular curves. Exploring elliptic curve pairings vitalik buterin medium. Construct crypto systems with certain special properties. This chapter describes the discrete logarithm problem for hyper elliptic curve and how bilinear pairings are related to this. Bilinear pairings on elliptic curves tugraz diglib. Constructive uses of pairings as for ibe rely on using slightly weakened curves, i. Elliptic curve cryptography and applications kristin lauter.
Pairings have been accepted as an indispensable tool for the protocol designer. Choosing g1 and g2 ate pairing optimal pairing elliptic curves i base. Such groups can be found on supersingular elliptic curves or hyperelliptic curves over nite eld, and the bilinear parings can be derived from the weil or tate pairing. The computation of the omega pairing requires the simple final exponentiation and short loop length in millers algorithm which leads to a significant improvement over the previously known techniques on certain pairingfriendly curves. Pairingbased cryptography relies on hardness assumptions separate from e. An elliptic curve pairing allows useful protocols such as identitybased encryption, attributebased encryption, group signatures, etc. Ben lynn roots of polynomials tate pairing contents. Implementation of bilinear pairings over elliptic curves. An e cient signature scheme from bilinear pairings and its. The squared pairings introduced in this paper have the advantage that our algorithms for evaluating them are deterministic and do not depend on a random choice of points. Central to pairingbased cryptosystems is a bilinear nondegenerate map, originally given as. Weiltate pairings pairing computation elliptic curves i base. Computational problems some computational problems in the elliptic curve group and bilinear pairing, which are assumed to be secure and cannot be.
Construction of such curves combines knowledge from algebraic geometry, number theory and cryptography. Moreover, the map is a homomorphism of groups or, equivalently, zmodules, hence thelinear. Some specific curves especially most supersingular curves turned out to have very low embedding degrees, and, for them, pairings are a useful breaking tool. Computing bilinear pairings on elliptic curves with automorphisms changan zhao1, dongqing xie1, fangguo zhang2, jingwei zhang2 and binglong chen3 1 school of computer science and educational software, guangzhou university, guangzhou 56, p. Pairings on elliptic curves parameter selection and. A contemporary example of using bilinear pairings is exemplified in the bonehlynnshacham signature scheme. Bilinear pairings on elliptic curves by andreas enge. Pairings on elliptic curves parameter selection and ef. Constructing pairingfriendly elliptic curves for cryptography. Ordinary curves pairing inversion elliptic curves elliptic curve e over f q. Let r be a commutative ring with unity, and let m, n and l be three r modules.
A bilinear pairing is a mapping of a pair of points on an elliptic curve defined on any field f to an element of the multiplicative group of a finite extension of f. Certificateless short sequential and broadcast multisignature. A short note on cryptography using elliptic curves, bilinear pairings and lattices martin m. The purpose of this thesis is to present elliptic curves and pairings on elliptic curves, constructing of pairing friendly elliptic curves and researching their use and efficient implementation. In this paper, we utilize some nontrivial automorphisms on a family of nonsupersingular elliptic curves for accelerating the bilinear pairings computation. Elliptic curves are traditionally written using the weierstrass equation. These pairings are bilinear maps from an elliptic curve group efq to the multiplicative group of some extension. Pairings elliptic curves tate pairing and variants pairings i let g1, g2, gt be groups of prime order r. Bilinear pairings on elliptic curves are explained. Ate pairing speeds up the bilinear pairings computation mainly using frobenius endomorphisms on nonsupersingular elliptic curves. Pdf in this paper we present a new algorithm for computing the bilinear pairings on a family of nonsupersingular elliptic curves with nontrivial. For the first time in the literature, the three different definitions of the weil pairing are stated correctly and proved to be equivalent using weil reciprocity. A short note on cryptography using elliptic curves, bilinear. Mar 27, 2010 in this paper, we present a novel method for constructing a superoptimal pairing with great efficiency, which we call the omega pairing.
193 1573 1219 399 1476 748 1175 183 623 1555 1310 1330 1561 88 947 11 1330 576 129 1147 128 588 1263 1097 1441 1155 1558 661 613 942 613 948 948 237 187 1313 848