
Pairing Based Cryptography Standards

Pairing Based Cryptography Standards. Terence Spies, VP Engineering, Voltage Security, terence@voltage.com. Overview: What is a Pairing? Pairing-based Crypto Applications. Pairing-based Crypto Standards. What is a Pairing? An old mathematical idea. It “pairs” elliptic curve points


Presentation Transcript


  1. Pairing Based Cryptography Standards
     Terence Spies, VP Engineering, Voltage Security, terence@voltage.com

  2. Overview
     • What is a Pairing?
     • Pairing-based Crypto Applications
     • Pairing-based Crypto Standards

  3. What is a Pairing?
     • An old mathematical idea
     • It “pairs” elliptic curve points
     • Has a very interesting property called bilinearity: Pair(aB, cD) = Pair(cB, aD)
     • This property makes for a powerful new cryptographic primitive
     • Popular cryptographic research area (200+ papers)

  4. What can Pairings do?
     • Identity based encryption
       • Encryption where any string (like an email address) can be a public key
     • Identity based key exchange
       • Key exchange using identities
     • Short signatures
       • 160-bit signatures
     • Searchable encryption, and others

  5. Identity-Based Encryption (IBE)
     • IBE is an old idea
       • Originally proposed in 1984 by Adi Shamir, co-inventor of the RSA algorithm
       • Fundamental problem: can any string be used as a public key?
     • Practical implementation:
       • Boneh-Franklin algorithm published at Crypto 2001
       • First efficient, provably secure IBE scheme

  6. Identity-Based Encryption (IBE)
     The ability to use any string makes key management easier
     • IBE Public Key: alice@gmail.com
     • RSA Public Key: Public exponent=0x10001
       Modulus=13506641086599522334960321627880596993888147
       560566702752448514385152651060485953383394028715
       057190944179820728216447155137368041970396419174
       304649658927425623934102086438320211037295872576
       235850964311056407350150818751067659462920556368
       552947521350085287941637732853390610975054433499
       9811150056977236890927563

  7. How IBE works in practice: Alice sends a Message to Bob
     [Diagram: Key Server, alice@a.com, bob@b.com]
     1. Alice encrypts with bob@b.com
     2. Requests private key, authenticates
     3. Receives Private Key for bob@b.com
     4. Bob decrypts with Private Key

  8. How IBE works in practice: Charlie sends a Message to Bob
     [Diagram: Key Server, charlie@c.com, bob@b.com]
     Fully off-line - no connection to server required
     1. Charlie encrypts with bob@b.com
     2. Bob decrypts with Private Key

  9. How Pairings Lead to IBE
     • Setup
       • Key generator generates secret s, random P
       • Gives everyone P, sP
     • Encryption
       • Alice hashes Bob@b.com -> ID
       • Encrypt message with k = Pair(rID, sP)
       • Send encrypted message and rP
     • Key Generation
       • Bob authenticates, asks for private key
       • Key generator gives back sID
     • Decrypt
       • Bob decrypts with k = Pair(sID, rP)
       • Bob’s k and Alice’s k are identical
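
     The four steps of slide 9, as an added example that is not part of the original presentation: both keys equal Pair(ID, P)^(rs), which is why Bob recovers Alice's k. The pairing here is a constructed toy (points are stored as their discrete logs in a tiny group, so it has no security at all), and the parameters, the SHAKE-256 keystream and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: Q prime, P = 2Q + 1 prime, G has order Q mod P.
Q, P, G = 1019, 2039, 4

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1            # uniform in [1, Q-1]

def mul(k, point):
    """Scalar multiplication kX; a toy 'point' is stored as its discrete log."""
    return (k * point) % Q

def pair(x, y):
    """Toy bilinear map: Pair(aX, bY) == Pair(X, Y)^(ab)."""
    return pow(G, (x * y) % Q, P)

def hash_to_point(identity):
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return h % (Q - 1) + 1                         # never the zero point

def keystream(k, n):
    return hashlib.shake_256(k.to_bytes(2, "big")).digest(n)

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def setup():
    """Key generator: master secret s, public parameters (P, sP)."""
    s, base = rand_scalar(), rand_scalar()
    return s, (base, mul(s, base))

def encrypt(params, identity, msg):
    base, s_p = params
    r = rand_scalar()
    k = pair(mul(r, hash_to_point(identity)), s_p)  # k = Pair(rID, sP)
    return mul(r, base), xor(msg, keystream(k, len(msg)))  # (rP, ciphertext)

def extract(s, identity):
    """Key generation: run by the key server after Bob authenticates."""
    return mul(s, hash_to_point(identity))          # private key sID

def decrypt(s_id, ciphertext):
    r_p, body = ciphertext
    k = pair(s_id, r_p)                             # k = Pair(sID, rP)
    return xor(body, keystream(k, len(body)))

if __name__ == "__main__":
    master, params = setup()
    ct = encrypt(params, "bob@b.com", b"meet at noon")
    print(decrypt(extract(master, "bob@b.com"), ct))
```

     Alice needs only the public (P, sP) and the string bob@b.com to encrypt; the master secret s is used only inside extract, which is the step the key server gates behind authentication.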

  10. IBE’s Operational Characteristics
     • Easy cross-domain encryption
       • No per-user databases
       • No per-user queries to find keys
       • State of the system does not grow per user
     • Key recovery
       • Accommodates content scanning, anti-virus, archiving and other regulatory mechanisms
       • Keys still under control of enterprise
     • Fine-grained key control
       • Easy to change authentication policy over time
       • Revocation handled without CRLs

  11. IBE and PKI - Complementary Strengths
     PKI
     • Maximum protection
     • Works well for signing/authentication
     • Requires roll-out
       • generate keys for users
     • Certificate management
     Identity-Based Encryption
     • Good for encryption
       • no key-lookup
       • revocation is easy
     • Ad-hoc capable
       • requires no pre-enrollment
     • Content scanning easy
     Sweet Spots for PKI
     • Authentication
     • Signing
     • Inside the organization
     Sweet Spots for IBE
     • Encryption
     • Inside and outside the organization

  12. Other Pairing Applications
     • Short Signatures
       • BLS scheme and others yield 160-bit signatures
         • Half the size of DSA signatures
       • Have other interesting properties
         • Can aggregate signatures
           • Allows, for example, a single signature on a cert chain
         • Verifiable encrypted signatures
           • Use in fair exchange, other protocols
     • Searchable Encryption
     • Key Exchange

  13. Standards Activities
     • IEEE Study Group formed last Monday, as part of the P1363 Group
       • Goal is writing and submitting a PAR, defining the mission of the standards group
       • 24 participants from various countries and industries
     • Technical content drafts soon
       • Pairings module: Hovav Shacham, Stanford
       • IBE module: Mike Scott, Dublin City University
     • Draft PAR agreed, to be submitted

  14. Standards Philosophy
     • Model after past IEEE cryptographic standards
       • Standardize algorithms, but not protocols
         • e.g. formats for IBE encrypted email would be part of a different standard
     • Don’t block future standards based on PBC
       • Allow for amendments that build on parts of this standard
       • Separate IBE and PBC layers
     • Limit scope to keep the task manageable
       • Focus on one set of algorithms, split off other types of algorithms into separate standards

  15. Proposed Structure of a PBC/IBE Standard: Pairing Based Crypto Layer and Algorithm Layers
     [Diagram: layers, top to bottom]
     • Other stds: IBE based Protocols, e.g. IBE email, key request etc.
     • 1363: Identity-Based Encryption, Signatures, Identity based key exchange
     • 1363: Pairing Based Cryptography, e.g. pairing, algorithms to compute pairings, curve types, curve parameters

  16. Current Discussion Points
     • Scaling Security to 128/256 bits
     • Separation between pairing layer and crypto methods
     • Curve families for embedded and hardware implementation

  17. For More Information
     • On 1363 activities: http://grouper.ieee.org/groups/1363/WorkingGroup/
     • On pairing based crypto
       • Paulo Barreto’s Pairing Based Crypto Lounge: http://paginas.terra.com.br/informatica/paulobarreto/pblounge.htm
     • On IBE
       • http://crypto.stanford.edu/ibe/
       • http://www.voltage.com
