Abstract
The Weil and Tate pairings are a popular new gadget in cryptography and have found many applications, including identity-based cryptography. In particular, the pairings have been used for key exchange protocols.
This paper studies the bit security of keys obtained using protocols based on pairings (that is, we show that obtaining certain bits of the common key is as hard as computing the entire key). These results give insight into how many “hard-core” bits can be obtained from key exchange using pairings.
The results are of practical importance. For instance, Scott and Barreto have recently used our results to justify the security of their compressed pairing technique.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Al-Riyami, S., Paterson, K.G.: Tripartite Authenticated Key Agreement Protocols from Pairings. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 332–359. Springer, Heidelberg (2003)
Baker, R.C., Harman, G.: Shifted primes without large prime factors. Acta Arithm. 83, 331–361 (1998)
Boneh, D., Franklin, M.: Identity-based encryption from theWeil pairing. SIAM J. Comp. 32, 586–615 (2003)
Boneh, D., Halevi, S., Howgrave-Graham, N.A.: The modular inversion hidden number problem. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 36–51. Springer, Heidelberg (2001)
Boneh, D., Shparlinski, I.E.: On the unpredictability of bits of the elliptic curve Diffie–Hellman scheme. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 201–212. Springer, Heidelberg (2001)
Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie–Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)
Frey, G., Rück, H.-G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62, 865–874 (1994)
Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)
Goldman, M., Näslund, M., Russell, A.: Complexity bounds on general hard-core predicates. J. Cryptology 14, 177–195 (2001)
González Vasco, M.I., Näslund, M.: A survey of hard core functions. In: Proc. Workshop on Cryptography and Computational Number Theory, Singapore, Birkhäuser, pp. 227–256 (1999)
González Vasco, M.I., Shparlinski, I.E.: On the security of Diffie–Hellman bits. In: Proc. Workshop on Cryptography and Computational Number Theory, Singapore, Birkhäuser, pp. 257–268 (1999)
González Vasco, M.I., Shparlinski, I.E.: Security of the most significant bits of the Shamir message passing scheme. Math. Comp. 71, 333–342 (2002)
Håstad, J., Näslund, M.: The security of individual RSA and discrete log bits. J. of the ACM (to appear)
Howgrave-Graham, N.A., Nguyen, P.Q., Shparlinski, I.E.: Hidden number problem with hidden multipliers, timed-release crypto and noisy exponentiation. Math. Comp. 72, 1473–1485 (2003)
Joux, A.: A one round protocol for tripartite Diffie–Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000)
Joux, A.: The Weil and Tate pairings as building blocks for public key cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002)
Li, W.-C.W., Näslund, M., Shparlinski, I.E.: The hidden number problem with the trace and bit security of XTR and LUC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 433–448. Springer, Heidelberg (2002)
Lidl, R., Niederreiter, H.: Finite fields. Cambridge University Press, Cambridge (1997)
Miller, V.: Short programs for functions on curves (1986) (preprint)
Menezes, A.J., Okamoto, T., Vanstone, S.A.: ‘Reducing elliptic curve logarithms to logarithms in a finite field’. IEEE Trans. Inf. Theory 39, 1639–1646 (1993)
Rubin, K., Silverberg, A.: Supersingular abelian varieties in cryptology. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 336–353. Springer, Heidelberg (2002)
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Proc. of SCIS 2000, Okinawa, Japan (2000)
Schnorr, C.P.: Security of almost all discrete log bits. Electronic Colloq. on Comp. Compl., Univ. of Trier, TR98-033, 1–13 (1998)
Scott, M., Barreto, P.S.L.M.: Compressed pairings. Cryptology ePrint Archive, Report 2004/032
Shparlinski, I.E.: On the generalized hidden number problem and bit security of XTR. In: Bozta, S., Sphparlinski, I. (eds.) AAECC 2001. LNCS, vol. 2227, pp. 268–277. Springer, Heidelberg (2001)
Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Electronics Letters 38, 630–632 (2002)
Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Galbraith, S.D., Hopkins, H.J., Shparlinski, I.E. (2004). Secure Bilinear Diffie-Hellman Bits. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27800-9_32
Download citation
DOI: https://doi.org/10.1007/978-3-540-27800-9_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22379-5
Online ISBN: 978-3-540-27800-9
eBook Packages: Springer Book Archive