Cryptography from Pairings: A Snapshot of Current Research

Abstract

Recently there has been an explosion of interest in the use of pairings on elliptic curves in cryptography. We provide a self-contained snapshot of current research in this area. Our aim is to give the reader unfamiliar with the subject a briefing on the key ideas and trends along with pointers to further literature.

1 Introduction

A pairing in the context of cryptography is simply a map from one group to another with some rather special properties. In the last couple of years, pairings have allowed the opening up of completely new territory in cryptography, making it possible to realise cryptographic primitives that were previously unknown or impractical. For example, pairings have been used to construct a non-interactive, identity-based key agreement scheme [26], and a three-party key agreement protocol that requires just one round of communication [19]. Perhaps most exciting of all, pairings have been used to derive the first fully functioning identity-based public-key encryption scheme [4]. This scheme has the nice property that a user’s public key can be calculated directly from his identity rather than being extracted from a certificate issued by a CA. Because of this feature, we potentially get all the benefits of public-key cryptography, but without the need for certificates and an attendant public-key infrastructure.

In this article, we aim to give an introductory tour of this recent research. We will have to use some mathematical notation to describe what a pairing is, but we will focus on what can be done with pairings once one has them to hand rather than on the technical details of pairings. No more mathematical knowledge will be required than one already needs to understand, say, RSA encryption or Diffie-Hellman key exchange. So this article should be accessible to non-mathematicians with a reasonable grasp of public-key cryptography. In the next section, we introduce pairings and their basic properties. We encourage the reader to persevere with the technicalities in this section. The reward comes in the following sections, where we describe a number of simple yet surprising applications of pairings. Firstly, we consider key agreement protocols. After that, we introduce identity-based encryption, and

[1] Clifford C. Cocks. An Identity Based Encryption Scheme Based on Quadratic Residues, 2001, IMACC.

[2] Ran Canetti, et al. A Forward-Secure Public-Key Encryption Scheme, 2003, Journal of Cryptology.

[3] Florian Hess, et al. Efficient Identity Based Signature Schemes Based on Pairings, 2002, Selected Areas in Cryptography.

[4] Kyung-Ah Shim. Cryptanalysis of Al-Riyami-Paterson's Authenticated Three Party Key Agreement Protocols, 2003, IACR Cryptol. ePrint Arch.

[5] Ian F. Blake, et al. Elliptic Curves in Cryptography, 1999.

[6] Antoine Joux. A One Round Protocol for Tripartite Diffie-Hellman, 2000, ANTS.

[7] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[8] Nigel P. Smart, et al. An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing, 2001.

[9] Kenneth G. Paterson, et al. ID-based Signatures from Pairings on Elliptic Curves, 2002, IACR Cryptol. ePrint Arch.

[10] Jung Hee Cheon, et al. An Identity-Based Signature from Gap Diffie-Hellman Groups, 2003, Public Key Cryptography.

[11] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[12] Paulo S. L. M. Barreto, et al. Efficient Algorithms for Pairing-Based Cryptosystems, 2002, CRYPTO.

[13] M. Kasahara, et al. A New Traitor Tracing, 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[14] John Malone-Lee, et al. Identity-Based Signcryption, 2002, IACR Cryptol. ePrint Arch.

[15] Steven D. Galbraith, et al. Implementing the Tate Pairing, 2002, ANTS.

[16] Ben Lynn, et al. Authenticated Identity-Based Encryption, 2002, IACR Cryptol. ePrint Arch.

[17] Andreas Enge, et al. Practical Non-Interactive Key Distribution Based on Pairings, 2002, IACR Cryptol. ePrint Arch.

[18] Matthew K. Franklin, et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[19] Craig Gentry, et al. Hierarchical ID-Based Cryptography, 2002, ASIACRYPT.

[20] Liqun Chen, et al. Certification of Public Keys within an Identity Based System, 2002, ISC.

[21] Hovav Shacham, et al. Short Signatures from the Weil Pairing, 2001, J. Cryptol.

[22] Steven D. Galbraith, et al. Supersingular Curves in Cryptography, 2001, ASIACRYPT.

[23] Liqun Chen, et al. Applications of Multiple Trust Authorities in Pairing Based Cryptosystems, 2002, InfraSec.