Documente Academic
Documente Profesional
Documente Cultură
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Cryptography
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
1/80
Cryptography
1 Cryptographic Tools
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Symmetric-key cryptography
Public-key cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
2 Classic Asymmetric Crytography
Multiplicative Groups
DH & ElGamal
3 Elliptic Curves
Definition
Multiplying Points
EC over Fp
4 ECC
Digital Signature
Key Exchange
Encryption Scheme
Outline
2/80
Cryptography
Symmetric-key cryptography I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
secret-key cryptography.
Symmetric-key encryption involves using a single key K
3/80
Cryptography
Symmetric-key cryptography II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
4/80
Cryptography
Asymmetric-key cryptography I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
5/80
Cryptography
Asymmetric-key cryptography II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
6/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
7/80
Cryptography
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Asymmetric-key cryptography
IV
Public-key systems are mainly used for the following
purposes:
Encryption The sender encrypts a message with the
recipients public key.
Digital signatures A digital signature emulates a real,
physical signature by generating a digital
proof that only the creator/ sender of a
message can make, but everyone can
identify as belonging to the creator. An
encryption under the private key of the
creator serves as a signature that only the
owner of the private key can create, but
everyone with the public key can verify.
The encryption (signature) can be applied
to the complete message or to a small
8/80
Cryptography
Asymmetric-key cryptography V
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
9/80
Cryptography
Hash functions
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
10/80
Cryptography
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
11/80
Cryptography
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
12/80
Cryptography
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
13/80
Cryptography
Alice
Key Distribution
KpuA
Bob
Trivial
approximation
Digital Certificates
KpuB
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
Alice
C(KpuB,M1)
Bob
DH & ElGamal
Elliptic Curves
Definition
C(KpuA,M2)
Multiplying Points
EC over Fp
ECC
Digital Signature
spoofing attack
Alice
KpuA
Trudy
Key Exchange
Encryption Scheme
Identity-based
cryptography
KpuT <<KpuB>>
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
14/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
to do this in a shared
network?
There must be trusted
intermediaries
trusted intermediaries
N users N (N 1)
relations
Bilinear Pairings
Boneth and
Franklins IBE
15/80
Cryptography
Classic
Asymmetric
Crytography
users
Alice and Bob know only their symmetric shared key
with KDC
If there are N users, there are N shared
keys(User-KDC)
Multiplicative Groups
DH & ElGamal
Elliptic Curves
KA-KDC
Definition
Multiplying Points
EC over Fp
KB-KDC
ECC
KDC
KX-KDC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
KA-KDC
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
16/80
Cryptography
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Multiplicative Groups
DH & ElGamal
Elliptic Curves
KDC
K A-KDC(A,B)
Classic
Asymmetric
Crytography
Alice
KS generated
Definition
Bob
Multiplying Points
EC over Fp
ECC
KB-KDC(A,Ks)
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
17/80
Cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
Alice
KpuA
KpuT <<KpuB>>
Trudy
KpuT <<KpuA>>
Bob
KpuB
DH & ElGamal
Elliptic Curves
Definition
C(KpuT,M1)
C(KpuB,M1)
C(KpuA,M2)
C(KpuT,M2)
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
M1=f (M1)
M2=f (M2)
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
18/80
Cryptography
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
spoofing is needed.
It can be done by changing the DNS
DH & ElGamal
KDC
Elliptic Curves
Definition
Alice
Multiplying Points
EC over Fp
ECC
Bob
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
19/80
Cryptography
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
CA
Classic
Asymmetric
Crytography
intermediary is called
Certification
Authority(CA)
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Req?Bob
Definition
Multiplying Points
EC over Fp
Bob
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Alice
C(KprCA,{Bob,KpuB})
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
20/80
Cryptography
Certificates I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Certification Authority(CA)
We can automatically trust with CA certificated users
With certificates, Men in the middle attack is neutralized
key
Public CA key is distributed with an auto-signed
certificate:
CA demonstrates that it knows its private key. Public
21/80
Cryptography
Certificates II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
CRLs
long/short-lived.
Attribute certificates!
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
22/80
Cryptography
Hash Chains
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
h R h R
h
h
h
h
R
d d1 Ri R1 R0
primaryValue (R) is the secret nonce (the beginning of the hash chain). R is
only known by the generator.
currentIndex (i) is the current index of the chain.
maximumIndex (d) is the length of the chain.
baseValue (R0 ) is the last value of the hash chain. This value is typically
authenticated by some method like a digital signature. R0 is
computed by applying (d + 1) times h over R:
R0 = hd+1 (R)
currentUpdateValue (Ri ) is computed by applying (d + 1 i) times h over R:
Ri = hd+1i (R)
Checking equation:
R0 = hi (Ri ) with i d
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
23/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
One-time Passwords.
H-OCSP.
Novomodo.
Authentication of distance.
Definition
Multiplying Points
EC over Fp
TESLA.
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
24/80
Cryptography
Hash Trees I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
N2,0
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
N0,0
N0,1
H 0,0 = h ( c0 ) H 0,1 = h ( c1 )
N0,2
N0,3
H 0,2 = h ( c2 ) H 0,3 = h ( c3 )
Boneth and
Franklins IBE
Cha & Cheons IBS
25/80
Cryptography
Hash Trees II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
(1)
ECC
Digital Signature
Key Exchange
H0,j = h(cj ) .
(2)
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
where h is a OWHF.
To build the MHT, a set of t adjacent nodes at a given level i;
Ni,j , Ni,j+1 , . . . ,Ni,j+t1 , are combined into one node in the
26/80
Cryptography
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
(3)
At the top level there is only one node called the root. Hroot
is a digest for all the data stored in the MHT.
The sample MHT of Figure ?? is a binary tree because
adjacent nodes are combined in pairs to form a node in the
next level (t = 2) and Hroot = H2,0 .
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Definition
The Digest is defined as
Digest = {DNRDI , Hroot , Validity Period}SIGRDI
Boneth and
Franklins IBE
Cha & Cheons IBS
27/80
Cryptography
Hash Trees IV
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Definition
The Pathcj is defined as the set of cryptographic values
necessary to compute Hroot from the leaf cj .
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
28/80
Cryptography
Hash Trees V
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
(4)
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
1
To do such a thing, an attacker needs to find a pre-image of a OWHF
which is computationally infeasible by definition.
29/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Certificate issuation.
Revocation.
P2P corruption.
2-3 tree, binary, or ranges (adjacency checking).
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
30/80
Cryptography
1 Cryptographic Tools
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Symmetric-key cryptography
Public-key cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
2 Classic Asymmetric Crytography
Multiplicative Groups
DH & ElGamal
3 Elliptic Curves
Definition
Multiplying Points
EC over Fp
4 ECC
Digital Signature
Key Exchange
Encryption Scheme
Outline
31/80
Cryptography
Groups
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
multiplication.
Formally, G =< g >= {g n where n is an integer}.
We define the order of a group as its number of
elements.
Boneth and
Franklins IBE
Cha & Cheons IBS
32/80
Cryptography
Modular Multiplication
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Let us consider: a b m
od q .
For each value of b, we take a = 1, 2, ..q 1.
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
q
b
b
b
b
=6
= 2 : {2 4 0 2 4}
= 3 : {3 0 3 0 3}
= 4 : {4 2 0 4 2}
= 5 : {5 4 3 2 1}
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
q
b
b
b
b
b
=7
= 2 : {2 4 6 1 3 5}
= 3 : {3 6 2 5 1 4}
= 4 : {4 1 5 2 6 3}
= 5 : {5 3 1 6 4 2}
= 6 : {6 5 4 3 2 1}
33/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
state that:
| a 1 mo
d b
I.e. a has an inverse modulo b: a1 = .
Proof:
lcm(a, b) = ab
Notice that if a 0 m
od b, then = b is the smallest
possible .
3 Now, if we take n 6= m and 0 m, n b, then:
ma 6 na m
od b
By contradiction. If ma na m
od b then,
a(m n) 0 m
od b
Thus, (m n) b, which contradicts statement 2.
4 Finally, by the pigeonhole principle, as all the terms
an m
od b are different values for 0 n < b one of
these terms must be 1.
1
2
34/80
Cryptography
Notation
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
is not included).
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
35/80
Cryptography
Multiplicative Groups I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
g i m
od q .
For example, lets use each value g Z11 :
g
g
g
g
g
g
g
g
g
= 2 : {2 4 8 5 10 9 7 3 6 1 }
= 3 : {3 9 5 4 1 3 9 5 4 1 }
= 4 : {4 5 9 3 1 4 5 9 3 1 }
= 5 : {5 3 4 9 1 5 3 4 9 1 }
= 6 : {6 3 7 9 10 5 8 4 2 1 }
= 7 : {7 5 2 3 10 4 6 9 8 1 }
= 8 : {8 9 6 4 10 3 2 5 7 1 }
= 9 : {9 4 3 5 1 9 4 3 5 1 }
= 10 : {10 1 10 1 10 1 10 1 10 1 }
36/80
Cryptography
Multiplicative Groups II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
g = 3 : {3 9 5 4 1 3 9 5 4 1 }
g = 10 : {10 1 10 1 10 1 10 1 10 1 }
The order of a group is its number of elements.
Example: the order of <3 > is 5 and the order of <10 >
is 2.
We define the order of an element a as the smallest
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
37/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
problem.
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
38/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
generating element g G.
This is done before the rest of the protocol and g is
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
39/80
Cryptography
Classic
Asymmetric
Crytography
Bob.
Bob picks a random natural number b and sends g b to
Alice.
Alice computes (g b )a .
Bob computes (g a )b .
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
element g ab .
The values of (g b )a and (g a )b are the same because
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
40/80
Cryptography
ElGamal
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
group G.
Its security depends upon the difficulty of a DL problem
in G.
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
41/80
Cryptography
Key generation
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
description of G, q and g.
Alice retains x, as her private key which must be kept
secret.
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
42/80
Cryptography
Encryption/Decryption
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
into a chiphertext m0 : m0 = m s.
Bob sends the ciphertext (c1 , c2 ) = (g y , m0 ) to Alice.
To decrypt a ciphertext, alice calculates the ephemeral
message, since
c2 s1 = m (h)y (g xy )1 = m g xy g xy = m.
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
43/80
Cryptography
1 Cryptographic Tools
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Symmetric-key cryptography
Public-key cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
2 Classic Asymmetric Crytography
Multiplicative Groups
DH & ElGamal
3 Elliptic Curves
Definition
Multiplying Points
EC over Fp
4 ECC
Digital Signature
Key Exchange
Encryption Scheme
Outline
44/80
Cryptography
Definition
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
Definition
An elliptic curve E is defined in a standard, two dimensional x, y Cartesian
coordinate system:
E : y 2 = f (x) for a cubic or quartic polynomial f (x).
If we use a cubic form, after a change of variables, the equation takes the simpler
form:
E : y 2 = x 3 + ax + b.
The definition of elliptic curve also requires that the curve be non-singular.
Geometrically, this means that the graph has no cusps, self-intersections, or
isolated points.
Algebraically, this involves calculating the discriminant
= 16(4a3 + 27b2 )
The curve is non-singular if and only if the discriminant is not equal to zero.
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
45/80
Cryptography
Point Addition I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
addition.
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
46/80
Cryptography
Point Addition II
Cryptographic
Tools
Symmetric-key
cryptography
E : Y2 = X3 5X + 8
R
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
P+Q
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
47/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Q = (Qx , Qy ).
We want to compute R = P + Q.
Where R = (Rx , Ry ) and R = (Rx , Ry ).
Notice that we can form two equations to express a and
b as a function of the coordinates of P and Q.
The equation of the PQ line is: (y Py ) = s(x Px )
Where s is the slope of the line:
s = (Py Qy )/(Px Qx )
Then, we can use the equations of the line and the
elliptic curve equations to find Rx .
Rx = s2 Px Qx
Finally, using the line equation and Rx :
Ry = Py + s(Px Rx )
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
48/80
Cryptography
Definition of Zero I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
extra point: O.
This point should have the property that: P + (P) = O
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
49/80
Cryptography
Definition of Zero II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
Q = P
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Figura: O point
Boneth and
Franklins IBE
Cha & Cheons IBS
50/80
Cryptography
Doubling a Point
Idea
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
2*P
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
51/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
52/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
P +O =O+P =P
for all P E.
P + (P) = O for all P E.
(P + Q) + R = P + (Q + R) for all P, Q, R E.
P + Q = Q + P for all P, Q E.
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
53/80
Cryptography
Point Multiplication
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
k P.
The multiplication is defined as the sum of k copies of
P: 2 P = P + P ; 3 P = P + P + P ; etc.
Point multiplication fulfills:
(a + b)P = aP + bP
To find 17P we can use:
(2P) + P + P + P + P + P + P + P + P + P + P + P +
P +P +P +P
With less computation:
(2P)+(2P)+(2P)+(2P)+(2P)+(2P)+(2P)+(2P)+P
A faster computation:
2(2(2(2P)))) + P
Boneth and
Franklins IBE
Cha & Cheons IBS
54/80
Cryptography
Finite Fields
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
real numbers.
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
accurate.
To make operations on elliptic curve accurate and more
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
55/80
Cryptography
EC over Fp I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
56/80
Cryptography
EC over Fp II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
3Px2 +a
2Py
m
od p
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
57/80
Cryptography
Example E over F5
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
If we take E : y 2 = x 3 + 2x + 3 mod 5
x
x
x
x
x
= 0 y2
= 1 y2
= 2 y2
= 3 y2
= 4 y2
= 3 no solution mo
d 5
= 6 = 1 y = 1, 4 m
od 5
= 15 = 0 y = 0 m
od 5
== 36 = 1 y = 1, 4 m
od 5
= 75 = 0 y = 1, 4 m
od 5
Then points on the elliptic curve are (1, 1)(1, 4)(2, 0)(3, 1)(3, 4)(4, 0) and
the point at infinity .
Notice that like in R there are two points for every x value (except for points
on the x-axis (y=0)).
Recall that elliptic curves over real numbers, there exists a negative point for
each point which is reflected through the x-axis.
Over the finite field F5 , the negative components in the y-values are taken
modulo 5: P = (Px , (Py m
od 5)).
s = (1 4) (3 1)1 = 3 21 = 2(3) = 6 = 1 mo
d 5
Qx = 1 1 3 = 2 m
od 5
Qy = 1(1 2) 4 = 0 m
od 5
Boneth and
Franklins IBE
Cha & Cheons IBS
58/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
60/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
sextuple: T = (p, a, b, G, n, h)
Where:
p is the order of the curve, that is to say, an integer
equation: E : y 2 = x 3 + ax + b m
od p
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
61/80
Cryptography
1 Cryptographic Tools
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Symmetric-key cryptography
Public-key cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
2 Classic Asymmetric Crytography
Multiplicative Groups
DH & ElGamal
3 Elliptic Curves
Definition
Multiplying Points
EC over Fp
4 ECC
Digital Signature
Key Exchange
Encryption Scheme
Outline
62/80
Cryptography
Motivation
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Main motivation
Elliptic curve cryptography (ECC) offers considerably
greater security than other existing asymmetric
cryptographic schemes for a given key size.
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
ECC
163
256
384
512
RSA
1024
3072
7680
15360
AES
128
192
256
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
63/80
Cryptography
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
message M to Bob.
To decrypt the ciphertext, Bob:
Takes kG and computes dB kG.
M = (M + (kQB )x ) (dB kG)x = M
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
64/80
Cryptography
ECDH I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
agreement protocol.
ECDH allows two parties to establish a shared secret
other.
Using this public data and their own private data these
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
65/80
Cryptography
ECDH II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
66/80
Cryptography
ECIES I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
67/80
Cryptography
ECIES II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
68/80
Cryptography
ECIES III
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
69/80
Cryptography
1 Cryptographic Tools
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
Symmetric-key cryptography
Public-key cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
2 Classic Asymmetric Crytography
Multiplicative Groups
DH & ElGamal
3 Elliptic Curves
Definition
Multiplying Points
EC over Fp
4 ECC
Digital Signature
Key Exchange
Encryption Scheme
Outline
70/80
Cryptography
Introduction I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Basic concept:
Alice (the sender) can use any receivers information
such as email, an IP address or even a digital image to
encrypt a message.
Bob (the receiver) can decrypt the ciphertext.
To do so, Bob has to obtain a private key associated
with his identifier information from a TTP.
This TTP is called Private Key Generator (PKG).
This concept was proposed by Shamir in 1984 [xx].
Shamir easily constructed an identity-based signature
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
71/80
Cryptography
Introduction II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
bilinear pairings.
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
72/80
Cryptography
Bilinear Pairings I
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
prime q.
The group G1 is subgroup of the additive group of
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
73/80
Cryptography
Bilinear Pairings II
Cryptographic
Tools
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
following properties:
Bilinear: We say that a map : G1 G1 G2 is
bilinear if (aP,bQ) = (P,Q)ab
for all P, Q G1 and all a, b Z.
2 Non-degenerate: The map does not send all pairs in
G1 G1 to the identity in G2 .
Observe that since G1 and G2 are groups of prime
order, this implies that if P is a generator of G1 then
(P,P) is a generator of G2 .
3 Computable: There is an efficient algorithm to compute
(P,Q) for any P, Q G1 .
1
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
74/80
Cryptography
Cryptographic
Tools
Bilinear Diffie-Hellman
Assumption
Symmetric-key
cryptography
Public-key
cryptography
Hash Functions
Key Distribution
Digital Certificates
Hash constructions
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
75/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
key pairs (a, aP), (b, bP), and (c, cP) where a, b and
c Zq and are chosen at random.
aP ,bP, and cP G1 .
Without the bilinear pairing, to share the same key, a
number of interactions must be conducted by the three
persons.
With bilinear pairing just one round is needed.
Alice, Bob, and Chris compute respectively
(bP, cP)a ,(aP, cP)b and (aP, bP)c .
It is easy to see that they are the same value, in fact
equal to (P, P)abc .
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
76/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
77/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
78/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
Key Exchange
Encryption Scheme
Identity-based
cryptography
bilinear pairing.
In the setup stage, the PKG specifies a group G
random from Zq
The PKG computes a public key Ppkg = sP and
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
79/80
Cryptography
Classic
Asymmetric
Crytography
Multiplicative Groups
DH & ElGamal
Elliptic Curves
Definition
Multiplying Points
EC over Fp
ECC
Digital Signature
computing:
U = rQalice
V = (r + h)Dalice
r is chosen at random from Zq .
h = h2 (m, U) where h Zq .
Bob, the verifier, can verify the validity of Alices
Key Exchange
Encryption Scheme
Identity-based
cryptography
Introduction
Bilinear Pairings
Boneth and
Franklins IBE
Cha & Cheons IBS
80/80