[Resource Topic] 2010/388: On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings

Welcome to the resource topic for 2010/388

Title:
On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings

Authors: Sanjit Chatterjee, Darrel Hankerson, Alfred Menezes

Abstract:

We focus on the implementation and security aspects of cryptographic protocols that use Type 1 and Type 4 pairings. On the implementation front, we report improved timings for Type 1 pairings derived from supersingular elliptic curves in characteristic 2 and 3 and the first timings for supersingular genus-2 curves in characteristic 2 at the 128-bit security level. In the case of Type 4 pairings, our main contribution is a new method for hashing into {\mathbb G}_2 which makes the Type 4 setting almost as efficient as Type 3. On the security front, for some well-known protocols we discuss to what extent the security arguments are tenable when one moves to genus-2 curves in the Type 1 case. In Type 4, we observe that the Boneh-Shacham group signature scheme, the very first protocol for which the Type 4 setting was introduced in the literature, is trivially insecure, and we describe a small modification that appears to restore its security.

ePrint: https://eprint.iacr.org/2010/388

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .