A pairing SW implementation for Smart-Cards

The aim of this work is to show the feasibility of the primitives of the identity based cryptosystems for applications in Smart-Cards. Several observations are applied to easily choose many supersingular elliptic curves over a prime field F"p,p>3,p=3mod4, in such a way that the size of the torsion subgroup, the curve order and the finite field characteristic are of minimal Hamming weight. We modify the Chudnovsky elliptic curve point representation to settle a dedicated coordinate system for pairings and to minimize the number of operations in the finite field. The encouraging timing results obtained for ST22 Smart-Card architecture show the feasibility of pairing primitives for embedded devices.

[1]  Steven D. Galbraith,et al.  Ordinary abelian varieties having small embedding degree , 2007, Finite Fields Their Appl..

[2]  K. Brown,et al.  Graduate Texts in Mathematics , 1982 .

[3]  Michael Scott,et al.  Computing the Tate Pairing , 2005, CT-RSA.

[4]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[5]  R. Balasubramanian,et al.  The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes—Okamoto—Vanstone Algorithm , 1998, Journal of Cryptology.

[6]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[7]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[8]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[9]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[10]  Atsuko Miyaji,et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.

[11]  Iwan M. Duursma,et al.  Tate Pairing Implementation for Hyperelliptic Curves y2 = xp-x + d , 2003, ASIACRYPT.

[12]  Frederik Vercauteren,et al.  The Eta Pairing Revisited , 2006, IEEE Transactions on Information Theory.

[13]  Ratna Dutta,et al.  Pairing-Based Cryptographic Protocols : A Survey , 2004, IACR Cryptol. ePrint Arch..

[14]  Marco Casassa Mont,et al.  A flexible role-based secure messaging service: exploiting IBE technology for privacy in health care , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[15]  Ryuji Sasaki ON ORDINARY ABELIAN VARIETIES By , 2008 .

[16]  D. Chudnovsky,et al.  Sequences of numbers generated by addition in formal groups and new primality and factorization tests , 1986 .

[17]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[18]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[19]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[20]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2004, Journal of Cryptology.

[21]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, EUROCRYPT.

[22]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[23]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[24]  Alfred Menezes,et al.  Pairing-Based Cryptography at High Security Levels , 2005, IMACC.

[25]  Gerhard Frey,et al.  The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems , 1999, IEEE Trans. Inf. Theory.

[26]  P. L. Montgomery Modular multiplication without trial division , 1985 .

[27]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[28]  Paulo S. L. M. Barreto,et al.  Efficient pairing computation on supersingular Abelian varieties , 2007, IACR Cryptol. ePrint Arch..

[29]  Michael Scott,et al.  Implementing Cryptographic Pairings on Smartcards , 2006, CHES.

[30]  Kwangjo Kim,et al.  ID-Based Blind Signature and Ring Signature from Pairings , 2002, ASIACRYPT.

[31]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[32]  Paulo S. L. M. Barreto,et al.  Generating More MNT Elliptic Curves , 2006, Des. Codes Cryptogr..