Cryptographic schemes based on elliptic curve pairings

Cryptographic Schemes based on Elliptic Curve Pairings: Contributions to Public Key Cryptography and Key Agreement Protocols This thesis introduces the concept of certificateless public key cryptography (CLPKC). Elliptic curve pairings are then used to make concrete CL-PKC schemes and are also used to make other efficient key agreement protocols. CL-PKC can be viewed as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC. This is because, in contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted authority (TA) who is in possession of a master key. In this respect, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that is inherent in ID-PKC. Applications for the new infrastructure are discussed. We exemplify how CL-PKC schemes can be constructed by constructing several certificateless public key encryption schemes and modifying other existing ID based schemes. The lack of certificates and the desire to prove the schemes secure in the presence of an adversary who has access to the master key or has the ability to replace public keys, requires the careful development of new security models. We prove that some of our schemes are secure, provided that the Bilinear Diffie-Hellman Problem is hard. We then examine Joux’s protocol [90], which is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol, however, Joux’s protocol is insecure, suffering from a simple man-in-the-middle attack. We shows how to make Joux’s protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communication. The security properties of the new protocols are studied. Applications for the protocols are also discussed.

[1]  Joonsang Baek,et al.  Identity-Based Threshold Decryption , 2004, Public Key Cryptography.

[2]  Jean-Jacques Quisquater,et al.  Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups , 2004, Public Key Cryptography.

[3]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[4]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[5]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[6]  Alexandra Boldyreva,et al.  Efficient threshold signature , multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme , 2002 .

[7]  Theodoulos Garefalakis,et al.  Public key infrastructure in mobile systems , 2002 .

[8]  Moti Yung,et al.  Exposure-resilience for free: the hierarchical ID-based encryption case , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[9]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[10]  Charles Adams,et al.  Understanding Public-Key Infra-structure: Concepts, Standards, and Deployment Con-siderations , 1999 .

[11]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.

[12]  Emmanuel Bresson,et al.  Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions , 2002, EUROCRYPT.

[13]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[14]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[15]  A. W. Roscoe Intensional specifications of security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[16]  Liqun Chen,et al.  Certification of Public Keys within an Identity Based System , 2002, ISC.

[17]  Kyung-Ah Shim,et al.  Efficient one round tripartite authenticated key agreement protocol from Weil pairing , 2003 .

[18]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[19]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[20]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[21]  Eric R. Verheul,et al.  Self-Blindable Credential Certificates from the Weil Pairing , 2001, ASIACRYPT.

[22]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[23]  Nigel P. Smart,et al.  AN IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL BASED ON THE WEIL PAIRING , 2001 .

[24]  Mike Scott,et al.  Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number , 2002, IACR Cryptol. ePrint Arch..

[25]  Igor E. Shparlinski,et al.  Secure Bilinear Diffie-Hellman Bits , 2004, ACISP.

[26]  Xavier Boyen,et al.  Multipurpose Identity-Based Signcryption (A Swiss Army Knife for Identity-Based Cryptography) , 2003, CRYPTO.

[27]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[28]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[29]  Gene Tsudik,et al.  Simple Identity-Based Cryptography with Mediated RSA , 2003, CT-RSA.

[30]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.

[31]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[32]  Dengguo Feng,et al.  Attack on an Identification Scheme Based on Gap Diffie-Hellman Problem , 2003, IACR Cryptol. ePrint Arch..

[33]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[34]  Paul Hoffman,et al.  Features of Proposed Successors to IKE , 2002 .

[35]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[36]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[37]  John Malone-Lee,et al.  Identity-Based Signcryption , 2002, IACR Cryptol. ePrint Arch..

[38]  Kwangjo Kim,et al.  A New ID-based Group Signature Scheme from Bilinear Pairings , 2003, IACR Cryptol. ePrint Arch..

[39]  Dan Boneh,et al.  A Secure Signature Scheme from Bilinear Maps , 2003, CT-RSA.

[40]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[41]  Kenneth G. Paterson,et al.  ID-based Signatures from Pairings on Elliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[42]  Ahto Buldas,et al.  Optimally Efficient Accountable Time-Stamping , 2000, Public Key Cryptography.

[43]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[44]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[45]  Mihir Bellare,et al.  Lecture Notes on Cryptography , 2001 .

[46]  Kwangjo Kim,et al.  ID-Based Blind Signature and Ring Signature from Pairings , 2002, ASIACRYPT.

[47]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[48]  Kyung-ah Shim A Man-in-the-middle attack on Nalla-Reddy's ID-based Tripartite Authenticated Key Agreement Protocol , 2003 .

[49]  Chae Hoon Lim,et al.  A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp , 1997, CRYPTO.

[50]  Kwangjo Kim,et al.  ID-Based One Round Authenticated Tripartite Key Agreement Protocol with Pairings , 2002, IACR Cryptol. ePrint Arch..

[51]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[52]  Kenneth G. Paterson,et al.  Authenticated Three Party Key Agreement Protocols from Pairings , 2002 .

[53]  Reihaneh Safavi-Naini,et al.  New Proxy Signature, Proxy Blind Signature and Proxy Ring Signature Schemes from Bilinear Pairing , 2003, IACR Cryptol. ePrint Arch..

[54]  Mihir Bellare,et al.  Protecting against key-exposure: strongly key-insulated encryption with optimal threshold , 2005, Applicable Algebra in Engineering, Communication and Computing.

[55]  Shahrokh Saeednia Identity-Based and Self-Certified Key-Exchange Protocols , 1997, ACISP.

[56]  Authenticated ID-based Key Exchange and Remote Log-in with Insecure Token and PIN Number , 2002 .

[57]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[58]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[59]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[60]  Hyang-Sook Lee,et al.  IDENTITY BASED AUTHENTICATED KEY AGREEMENT FROM PAIRINGS , 2005 .

[61]  Hung-Min Sun,et al.  Security Analysis of Shim's Authenticated Key Agreement Protocols from Pairings , 2003, IACR Cryptol. ePrint Arch..

[62]  Myungsun Kim A New Identification Scheme based on the Gap Die-Hellman Problem , 2002 .

[63]  Hideki Imai,et al.  ON SEEKING SMART PUBLIC-KEY-DISTRIBUTION SYSTEMS. , 1986 .

[64]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[65]  Kwangjo Kim,et al.  A New Identification Scheme Based on the Bilinear Diffie-Hellman Problem , 2002, ACISP.

[66]  Toshiya Itoh,et al.  An ID-based cryptosystem based on the discrete logarithm problem , 1989, IEEE J. Sel. Areas Commun..

[67]  Zhongliang Chen Security analysis on Nalla-Reddy's ID-based tripartite authenticated key agreement protocols , 2003, IACR Cryptol. ePrint Arch..

[68]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[69]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[70]  N. Smart,et al.  The equivalence between the DHP and DLP for elliptic curves used in practical applications , 2004 .

[71]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[72]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[73]  Tzong-Chen Wu,et al.  A Structured Multisignature Scheme from the Gap Diffie-Hellman Group , 2003, IACR Cryptol. ePrint Arch..

[74]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[75]  Matthew K. Franklin,et al.  Intrusion-Resilient Public-Key Encryption , 2003, CT-RSA.

[76]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[77]  Ben Lynn,et al.  Authenticated Identity-Based Encryption , 2002, IACR Cryptol. ePrint Arch..

[78]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[79]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[80]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[81]  Andreas Enge,et al.  Building Curves with Arbitrary Small MOV Degree over Finite Prime Fields , 2004, Journal of Cryptology.

[82]  Byoungcheon Lee,et al.  Self-Certificate: PKI using Self-Certified Key , 2000 .

[83]  Liqun Chen,et al.  Applications of Multiple Trust Authorities in Pairing Based Cryptosystems , 2002, InfraSec.

[84]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[85]  Gerhard Frey,et al.  The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems , 1999, IEEE Trans. Inf. Theory.

[86]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[87]  Leonard M. Adleman,et al.  The function field sieve , 1994, ANTS.

[88]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[89]  Peter Gutmann,et al.  PKI: It's Not Dead, Just Resting , 2002, Computer.

[90]  Colin Boyd Towards Extensional Goals in Authentication Protocols , 1997 .

[91]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[92]  Chris J. Mitchell,et al.  Key control in key agreement protocols , 1998 .

[93]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, Journal of Cryptology.

[94]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[95]  Hatsukazu Tanaka A Realization Scheme for the Identity-Based Cryptosystem , 1987, CRYPTO.

[96]  Ueli Maurer,et al.  Non-interactive Public-Key Cryptography , 1991, EUROCRYPT.

[97]  Alfred Menezes,et al.  Authenticated Diffie-Hellman Key Agreement Protocols , 1998, Selected Areas in Cryptography.

[98]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[99]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[100]  Andreas Enge,et al.  Provably secure non-interactive key distribution based on pairings , 2006, Discret. Appl. Math..

[101]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[102]  Yvo Desmedt,et al.  Public-Key Systems Based on the Difficulty of Tampering (Is There a Difference Between DES and RSA?) , 1986, CRYPTO.

[103]  Shahrokh Saeednia,et al.  A note on Girault's self-certified model , 2003, Inf. Process. Lett..

[104]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[105]  Jung Hee Cheon A Universal Forgery of Hess's Second ID-based Signature against the Known-message Attack , 2002, IACR Cryptol. ePrint Arch..

[106]  K. C. Reddy,et al.  Identity Based Authenticated Group Key Agreement Protocol , 2002, INDOCRYPT.

[107]  Kyung-Ah Shim Efficient ID-based authenticated key agreement protocol based on Weil pairing , 2003 .

[108]  Don Coppersmith Evaluating logarithms in GF(2n) , 1984, STOC '84.

[109]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[110]  Jean-Jacques Quisquater,et al.  Efficient revocation and threshold pairing based cryptosystems , 2003, PODC '03.

[111]  Iwan M. Duursma,et al.  Tate-pairing implementations for tripartite key agreement , 2003, IACR Cryptol. ePrint Arch..

[112]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[113]  K. C. Reddy,et al.  Signcryption scheme for Identity-based Cryptosystems , 2003, IACR Cryptol. ePrint Arch..

[114]  Bart Preneel Design of a Timestamping System , 1998 .

[115]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[116]  Kyung-Ah Shim Cryptanalysis of Al-Riyami-Paterson's Authenticated Three Party Key Agreement Protocols , 2003, IACR Cryptol. ePrint Arch..

[117]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[118]  Tzong-Chen Wu,et al.  An identity-based ring signature scheme from bilinear pairings , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[119]  Antoine Joux,et al.  The Function Field Sieve Is Quite Special , 2002, ANTS.

[120]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[121]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[122]  Antti Huima,et al.  Using multimodal logic to express conflicting interests in security protocols in proceedings of DIMACS Workshop on Design and formal verification of security protocols , 1997 .

[123]  Patrick Horster,et al.  Self-certified keys — Concepts and Applications , 1997 .

[124]  M. Kasahara,et al.  A New Traitor Tracing , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[125]  Ratna Dutta,et al.  An n-party Key Agreement Scheme using Bilinear Map , 2003 .

[126]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[127]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[128]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[129]  Reihaneh Safavi-Naini,et al.  Attack on Han et al.'s ID-based confirmer (undeniable) signature at ACM-EC'03 , 2005, Appl. Math. Comput..

[130]  Detlef Hühnlein,et al.  Towards Practical Non-interactive Public Key Cryptosystems Using Non-maximal Imaginary Quadratic Orders , 2000, Selected Areas in Cryptography.

[131]  Frederik Vercauteren,et al.  Function Field Sieve in Characteristic Three , 2004, ANTS.

[132]  Eiji Okamoto,et al.  Key Distribution Systems Based on Identification Information , 1987, CRYPTO.

[133]  Burton S. Kaliski,et al.  An unknown key-share attack on the MQV key agreement protocol , 2001, ACM Trans. Inf. Syst. Secur..

[134]  Antoine Joux,et al.  Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups , 2001, IACR Cryptology ePrint Archive.

[135]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[136]  Mike Burmester,et al.  On the Risk of Opening Distributed Keys , 1994, CRYPTO.

[137]  K. C. Reddy,et al.  ID-based tripartite Authenticated Key Agreement Protocols from pairings , 2003, IACR Cryptol. ePrint Arch..

[138]  Byoungcheon Lee,et al.  Self-certified Signatures , 2002, INDOCRYPT.

[139]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.