The application of ID-based key distribution systems to an elliptic curve
A key distribution system is a system in which users securely generate a common key. One kind of identity-based key distribution system was proposed by E. Okamoto. Its security depends on the difficulty of factoring a composite number of two large primes like RSA public-key cryptosystem. Another kind of identity-based key distribution system was proposed by K. Nyberg, R.A. Rueppel. Its security depends on the difficulty of the discrete logarithm problem.
On the other hand, Koblitz and Miller described how a group of points on an elliptic curve over a finite field can be used to construct a public key cryptosystem.
In 1997, we proposed an ID-based key distribution system over an elliptic curve, as well as over a ring Z/nZ. Its security depends on the difficulty of factoring a composite number of two large primes. We showed that the system is more suitable for the implementation on an elliptic curve than on a ring Z/nZ.
In this paper, we apply the Nyberg-Rueppel ID-based key distribution system to an elliptic curve. It provides relatively small block size and high security. This public key scheme can be efficiently implemented. However the scheme requires relatively large data transmission. As a solution to this problem, we improve the scheme. The improved scheme is very efficient since the data transferred for generation of a common key is reduced to half of the previous one.
KeywordsElliptic Curve Signature Scheme Finite Field Elliptic Curf Discrete Logarithm
Unable to display preview. Download preview PDF.
- 1.E. Okamoto, “An Introduction to the Theory of Cryptography”, Kyoritsu Shuppan, 1993.Google Scholar
- 2.J.H. Silverman, J. Tate, “Rational Points on Elliptic Curves”, Springer-Verlag, 1994.Google Scholar
- 3.K. Koyama, U.M. Maurer, T. Okamoto and S. Vanstone, “New public-keyschemes based on elliptic curves over the ring Z n”, Advances in Crypt ology-Proceedings of CRYPT'91, LNCS 576, pp.252–266, 1991.Google Scholar
- 4.H. Tanaka, “Identity-Based Non-Interactive Key Sharing Scheme and Its Application to Some Cryptographic Systems”, Proceedings of Symposium on Cryptography and Information Security, SCIS'94, 1994.Google Scholar
- 5.T. Matsumoto, H. Imai, “Key Predistribution System”, The transactions of the institute of electronics information and communication engineers, Vol.J71-A, No.11, pp2046–2053, 1988.Google Scholar
- 6.C.G. Günther, “An identity-based key-exchange protocol”, Advances in Cryptology-Proceedings of EUROCRYPT'89, LNCS 434, pp.29–37, 1990.Google Scholar
- 7.K. Nyberg, R.A. Rueppel, “A New Signature Scheme Based on the DSA Giving Message Recovery”, Proceedings of 1st ACM Conference on Computer and Communications Security, 1993.Google Scholar
- 8.A. Miyaji, “A message recovery signature scheme equivalent to DSA over elliptic curves”, Advances in Cryptology-Proceedings of ASIACRYPT'96, LNCS 1163, pp.1–14, 1996.Google Scholar
- 9.A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, Proceedings of 22st Annual ACM Symposium on the Theory of Computing, pp.80–89, 1991.Google Scholar
- 10.N. Koblitz, “A Course in number theory and cryptocraphy”, Springer-Verlag, 1987.Google Scholar
- 11.K. Nyberg, R.A. Rueppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Advances in Cryptology-Proceedings of EUROCRYPT'94, LNCS 950, pp.182–193, 1995.Google Scholar
- 12.K. Nyberg, R.A. Rueppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Designs Codes and Cryptography pp.61–81, 1996.Google Scholar
- 13.A. Miyaji, “Strengthened Message Recovery Signature Scheme”,, Proceedings of Symposium on Cryptography and Information Security, SCIS'96, 1996.Google Scholar
- 14.H. Sakazaki, E. Okamoto and M. Mambo, “ID-based Key Distribution System over Elliptic Curves”, Proceedings of Symposium on Cryptography and Information Security, SCIS'97, 1997.Google Scholar