1 / 46

A New Approach on Bilinear Pairings and Its Applications

A New Approach on Bilinear Pairings and Its Applications. Tatsuaki Okamoto. Are Alfred Menezes, O. and Scott Vanstone such persons by their attack to ECC in 1990? No, it is not true!. Who Used Bilinear Pairings in Cryptography for the First Time?. Unsung Hero in Pairing-Based Cryptography.

raymond-dyer
Download Presentation

A New Approach on Bilinear Pairings and Its Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A New Approach on Bilinear Pairingsand Its Applications Tatsuaki Okamoto

  2. Are Alfred Menezes, O. and Scott Vanstone such persons by their attack to ECC in 1990? No, it is not true! Who Used Bilinear Pairings in Cryptography for the First Time?

  3. Unsung Hero in Pairing-Based Cryptography Burt Kaliski In his PhD thesis in 1988, he did a pioneer work on bilinear pairings for a cryptographic application.

  4. Contents • A general construction of pseudo-random generatorsover general Abelian groups. • A typical example: construction on general elliptic curves. • It is necessary to determine the group structure of the underlying curve. Weil pairing is employed.

  5. MOV Reduction • 1988: PhD Thesis of B. Kaliski • 1990: Menezes, O. and Vanstone read his thesis and learnt the cryptographic application of the Weil pairing and Miller’s algorithm. We then found the reduction of ECDL to MDL by using the Weil pairing.

  6. Reply message from Kaliski Victor Miller visited Ron Rivest when I was a graduate student, and he met with me about my research. If I recall correctly, I asked him if he knew a way to determine whether an elliptic curve group was cyclic, and he suggested the Weil pairing. He also gave me a copy of his algorithm for computing the Weil pairing, and agreed that I could implement it for my thesis.

  7. A New Approach on Bilinear Pairingsand Its Applications Joint Work with Katsuyuki Takashima (Mitsubishi Electric)

  8. Pairing-Based Cryptography

  9. Why Did Pairing-Based Cryptography So Succeed? Mathematically Richer Structure • Traditional Crypto: genus 0 • Pairing-Based Crypto: genus 1 (e.g., Multiplicative group) (e.g., pairing-friendly elliptic curve group)

  10. Additional Math Structure with Pairings Traditional Techniques over Cyclic Groups Pairing Additional Structure as well as the Above Properties

  11. New Approach on Pairings:Constructing aRicher Structure from Pairing Groups

  12. Pairing Groups

  13. The Most Natural Way to Make a Richer Algebraic Structure from Pairing Groups Direct Product of Pairing Groups

  14. N-Dimensional Vector Spaces: • Vector Addition • Scalar multiplication

  15. N-Dimensional Vector Spaces: Canonical Bases Element Expression on Canonical Basis

  16. Duality e e

  17. Orthonormality

  18. Base Change

  19. Base Change

  20. Trapdoor hard easy

  21. Special Case: Self-Duality

  22. Abstraction: Dual Pairing Vector Spaces (DPVS)

  23. Construction of Dual Pairing Vector Spaces: • Direct product of pairing groups (e.g., product of elliptic curves) • Jocobian of supersingular hyperelliptic curves [Takashima, ANTS’08]

  24. Intractable Problems in DPVSSuitable for Cryptographic Applications • Vector Decomposition Problem (VDP) • Decisional VDP (DVDP) • Decisional Subspace Problem (DSP)

  25. Vector Decomposition Problem (VDP) hard

  26. Special Case of Vector Decomposition Problem (VDP) easy

  27. [Yoshida, Mitsunari and Fujiwara 2003], [Yoshida 2003] Introduced VDP on elliptic curves. History of Vector Decomposition Problem (VDP)

  28. [Duursma and Kiyavash 2005], [Duursma and Park 2006], VDP on hyperelliptic curves, higher dimensional ElGamal-type signatures History of Vector Decomposition Problem (VDP)

  29. [Galbraith and Verheul, PKC 2008] Introduced “distortion eigenvector basis” for VDP on elliptic curves. History of Vector Decomposition Problem (VDP)

  30. O. and Takashima (Pairing 2008): Introduced more general notion, “distortion eigenvector spaces”, for higher dimensional spaces, and showed several cryptographic applications. We also extended the concept to “dual pairing vector spaces” (Aisiacrypt 2009) for VDP and other problems, and showed an application to predicate encryption. History of Vector Decomposition Problem (VDP)

  31. Trapdoor of VDP: Algorithm Deco

  32. Decisional VDP (DVDP) DVDP Assumption Adv Adv 1 1

  33. Decisional Subspace Problem (DSP) DSP Assumption Adv Adv 1 1

  34. Relations with DDH and DLIN Problems 0 0

  35. Trapdoors for DVDP and DSP Algorithm Deco with X Pairing with Hierarchy of trapdoors (Top level trapdoor)

  36. Related Works and Properties

  37. Application to Cryptography

  38. Multivariate Homomorphic Encryption Homomorphic property

  39. Multivariate Homomorphic Encryption

  40. Predicate Encryption Scheme

  41. Summary A new approach on bilinear pairing: Dual pairing vector spaces - enjoy richer algebraic structures Cryptographic applications: - predicate encryption for inner-products - more…

  42. Thank you!

More Related