This document gives test cases and implementation details for the Tate pairing computed with the Elliptic Nets algorithm. It covers the development procedure, integration with an existing pairing-based cryptosystem, and the use of BN-curves for the Tate pairing in both algorithms. It also includes sample test cases to verify the correct implementation of the Elliptic Nets algorithm with the Tate pairing over different curves.
Department of Computer Science National University of Ireland, Maynooth Co. Kildare Ireland
This thesis submitted in partial fulfilment of the requirements for the M.Sc Degree in Software Engineering
Supervisor: Dr. Joe Timoney October 2010
I hereby certify that this material, which I now submit for assessment on the program of study leading to the award of Master of Science in Computer Science by Research, is entirely my own work and has not been taken from the work of others save and to the extent that such work has been cited and acknowledged within the text of my work.
Signed: Date:
With my deepest affections and appreciations I would like to thank my supervisor, Dr. Joe Timoney, for his guidance, support and encouragement throughout this project. I also would like to thank IRCSET, the Claude Shannon Institute and the computer science department in NUI Maynooth for their financial and technical support in the past three years. Finally many thanks to my family and my friends for their support and encouragement.
4.6 Flow of Generation of Random Point R on E': y^2 = x^3 + B  73
4.7 Comparison of the Two TatePairing Classes  77
4.8 System View  80
5.1 Control Flow Graph of TatePairing(int bits, int curveType) Generated by Visustin [1]  98
5.2 Comparison of Computation Time for Miller's Algorithm with the Elliptic Nets Algorithm on Supersingular Curves as the Length of p is increasing  103
5.3 The Relationship between the Length of P and the Difference of the Time Cost between the Two Algorithms  104
5.4 Comparison of Computation Time for Miller's Algorithm with the Elliptic Nets Algorithm on BN-Curves as the Length of p is increasing  105
phy. Thus, the goal of this thesis is to apply a software engineering approach to the design, implementation and testing of a practical pairing based cryptosystem that is founded on the theory of Elliptic Nets. Its contribution is to implement a Java Elliptic Nets API, to modify the existing BIO-IBS system [13] to compute the Tate pairing through both Miller's algorithm and the Elliptic Nets algorithm, to implement a more secure type of curve, and to compare the two Tate pairing computation algorithms for performance at different security levels with the two types of curves. This is the first structured Java implementation of Elliptic Nets and the first system to offer developers a choice of algorithm in the Tate pairing calculation.
The word Cryptography comes from the Greek "kryptós" (hidden) and "gráphō" (to write) [39]. It is the science of hiding the meaning of information. Generally speaking, it can be synonymous with the conversion of information. It is usually applied to prevent unwanted people from reading the information. Prior to the early 20th century, cryptography was chiefly concerned with linguistic and lexicographic patterns. Since then cryptography has intersected the disciplines of mathematics, computer science and engineering, being derived using mathematical algorithms and implemented using software that runs on computers or embedded processors. These new forms of cryptography are strongly driven by rapid advances in computer communications technologies. Cryptography becomes necessary when sensitive data is being transacted over any untrusted medium. It provides services such as keeping secrets from an unintended audience, authentication with a signature, verification of data integrity, and security certificates for communications.
Modern cryptography can be categorized into symmetric ciphers, asymmetric ciphers and hash functions according to the number of keys. A symmetric cipher has only one private key, and this key is used for both encryption and decryption. Examples of symmetric ciphers include DES (Data Encryption Standard), triple-DES, AES (Advanced Encryption Standard), CAST-128, CAST-256, One-time Pad, RC4, DES-X and IDEA (International Data Encryption Algorithm) [39]. An asymmetric cipher, also known as public key cryptography (PKC), involves two keys: a private key for decryption and a public key for encryption. Well-known asymmetric ciphers are El Gamal, RSA, Elliptic Curve Cryptography (ECC), McEliece and NTRUEncrypt [39]. Cryptographic hash functions, also called message digests, are often used to protect passwords and provide a measure of data integrity. The hash functions in common use today include MD5, SHA1, SHA-256, SHA-512 and
to encrypt or decrypt data ([55, 33, 60]). In the 1990s, many cryptographic schemes were based on the Discrete Logarithm Problem (DLP) [62], which is presumed to be a hard mathematical problem, and thus it is the basis of newer cryptography schemes such as El Gamal and ECC mentioned in Section 1.2.2. Pairings were shown to attack such schemes successfully [36, 23]. In [36], Menezes, Vanstone, and Okamoto used the Weil pairing to reveal the weakness of supersingular curves (see Section 2.3.1). Later on, Frey and Ruck published their attack (FR attack) with the Tate pairing in 1994 [23] to break DLP-based cryptography. This drove a new need for more complex cryptographic schemes. However, for implementation purposes, they need to be efficient. Otherwise, a trade-off between efficiency and security is required.
In contrast to pairing based attacks, pairings are also useful for designing complex cryptographic schemes, particularly in pairing-based elliptic curve cryptography [34]. This is a new asymmetric cipher technique and it has exploded over the past six years [20]. The central idea is the construction of a mapping between two useful cryptographic groups, $G_1$ and $G_2$, which allows for cryptographic schemes based on the reduction of a problem in one group to a different, usually easier problem in the other group. Such a mapping $e$ is described below:
$e : G_1 \times G_1 \to G_2$
where e is supposed to be a bilinear mapping, which means
$\forall P, Q \in G_1$ and $\forall a, b \in \mathbb{Z}_q^*$, $e(aP, bQ) = e(P, Q)^{ab}$.
The bilinearity allows pairings such as the Weil pairing and Tate pairing to be useful because it enables new identity-based cryptographic primitives. Identity-based (also known as ID-based) crypto schemes have the advantage that there is an explicit connection between a user's unique identification, such as an e-mail address or biometric measurement, and their private key. This eliminates the need for a public key distribution infrastructure. The authenticity of the public keys is guaranteed implicitly as long as the transport of the private keys to the corresponding user is kept secure. It also allows extra embedded data, such as an expiration date for a message, to be coded as part of a user ID in the system. Joux first introduced a pairing based one-round three-party key exchange in 2000 [2]. In 2001, Boneh and Franklin published the first ID-based encryption (IBE) scheme [7]. Since then there have been many approaches to ID-based cryptography such as [9, 8, 63, 43]. In particular, in 2004 the Java based approaches to IBE and IBS were introduced in [47, 19, 13]. The security of pairing based cryptography rests on the assumption that the Decision Diffie-Hellman (DDH) problem [10] is easily solved with a pairing function but the Computational Diffie-Hellman (CDH) problem remains infeasible. In short, the DDH problem can be described as: given $\langle P, aP, bP, cP \rangle$ with $a, b, c \in_R \mathbb{Z}_q^*$, where $P$ is an affine point on the elliptic curve, determine whether $c = ab$. This can be solved easily with the pairing by computing $e_1 = e(aP, bP)$ and $e_2 = e(P, cP)$: if $e_1 = e_2$, then $c = ab$.
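As an added worked example (not code from the thesis or the BIO-IBS system), the following Python computes the reduced Tate pairing by Miller's algorithm on the supersingular curve y^2 = x^3 + x with constructed toy parameters p = 11 and r = 3 (embedding degree 2), and then runs the DDH test just described with it. The distortion map, the use of denominator elimination and all helper names are assumptions of this example; production parameter sizes are those of Table 1.2, not these.

```python
# Added example, not the thesis's code: reduced Tate pairing by Miller's algorithm on the
# supersingular curve E: y^2 = x^3 + x over F_p, p = 3 (mod 4), embedding degree k = 2.
# Constructed toy parameters: p = 11, #E(F_p) = 12, subgroup order r = 3.
P_MOD, R = 11, 3
def f2_mul(u, v):  # F_{p^2} = F_p(i), i^2 = -1; a + b*i is the tuple (a, b)
    (a, b), (c, d) = u, v
    return ((a * c - b * d) % P_MOD, (a * d + b * c) % P_MOD)
def f2_pow(u, e):  # square-and-multiply in F_{p^2}
    acc = (1, 0)
    while e:
        acc, u, e = (f2_mul(acc, u) if e & 1 else acc), f2_mul(u, u), e >> 1
    return acc
def slope(T, P):  # slope of the line through T and P on E(F_p); None if vertical
    (x1, y1), (x2, y2) = T, P
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = (3 * x1 * x1 + 1, 2 * y1) if T == P else (y2 - y1, x2 - x1)
    return num * pow(den, -1, P_MOD) % P_MOD
def ec_add(T, P):  # affine addition on E(F_p); None is the point at infinity
    if T is None or P is None:
        return T or P
    lam = slope(T, P)
    if lam is None:
        return None
    x3 = (lam * lam - T[0] - P[0]) % P_MOD
    return (x3, (lam * (T[0] - x3) - T[1]) % P_MOD)
def ec_mul(k, P):  # scalar multiple kP for k >= 1 (repeated addition; r is tiny here)
    return P if k == 1 else ec_add(P, ec_mul(k - 1, P))
def line_at(T, P, Q):
    # Line through T and P (tangent if T == P) evaluated at Q = (xq, yq) in E(F_{p^2}).
    # Vertical-line denominators are dropped: Q lies in the trace-zero subgroup, so
    # they are in F_p and vanish under the final exponentiation (denominator elimination).
    lam, (x1, y1), (xq, yq) = slope(T, P), T, Q
    if lam is None:
        return ((xq[0] - x1) % P_MOD, xq[1])
    return ((yq[0] - y1 - lam * (xq[0] - x1)) % P_MOD, (yq[1] - lam * xq[1]) % P_MOD)
def miller(P, Q):  # f_{r,P}(Q) by Miller's double-and-add loop over the bits of r
    f, T = (1, 0), P
    for bit in bin(R)[3:]:
        f, T = f2_mul(f2_mul(f, f), line_at(T, T, Q)), ec_add(T, T)
        if bit == "1":
            f, T = f2_mul(f, line_at(T, P, Q)), ec_add(T, P)
    return f
def distortion(P):  # phi(x, y) = (-x, i*y): E(F_p)[r] -> trace-zero subgroup of E(F_{p^2})
    return ((-P[0] % P_MOD, 0), (0, P[1]))
def pair(P, Q):  # symmetric reduced Tate pairing e(P, Q) = f_{r,P}(phi(Q))^((p^2-1)/r)
    return f2_pow(miller(P, distortion(Q)), (P_MOD * P_MOD - 1) // R)
def ddh_holds(P, a, b, c):  # the text's DDH test: e(aP, bP) == e(P, cP) iff c == a*b (mod r)
    return pair(ec_mul(a, P), ec_mul(b, P)) == pair(P, ec_mul(c, P))
```

With P = (5, 3) of order 3, pair(P, P) is a primitive cube root of unity in F_121, pair(2P, P) and pair(P, 2P) both equal its square, and ddh_holds(P, 2, 2, 1) is true because 2 * 2 = 1 (mod 3).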
The security of a pairing based cryptosystem relies on two parameters: the bit length of the subgroup order $r$ and the bit size of the extension field, $k \log_2 p$, where $k$ is the embedding degree and $p$ is the number of elements in the finite field. The embedding degree is the degree of the extension field that the pairing maps into. The parameters need to be chosen high enough so that the discrete logarithm problem is hard in both the subgroup of the curve and the finite field [41]. An elliptic curve with a small embedding degree and a large prime-order subgroup is said to be pairing friendly. According to [22], much work has been done trying to match the bit sizes of curve parameters to obtain commonly desired levels of security. Table 1.2 from [22] shows the bit sizes of curve parameters and corresponding embedding degrees to obtain commonly desired levels of security, noting that
$\rho = \log p / \log r$
Security level   Subgroup size   Extension field size   Embedding degree k
(in bits)        r (in bits)     q^k (in bits)          ρ ≈ 1        ρ ≈ 2
80               160             960-1280               6-8          2*, 3-
112              224             2200-3600              10-16        5-
128              256             3000-5000              12-20        6-
192              384             800-10000              20-26        10-
256              512             14000-18000            28-36        14-
Table 1.2: Bit sizes of curve parameters and corresponding embedding degree to obtain commonly desired levels of security [41]
In general, for efficient pairing computation we need curves with a rather small embedding degree. However, to improve security it is more efficient to increase the value of k than that of p [41].
Most cryptographic schemes are implemented as software programs. Well-known examples include PGP [17] and NTRUEncrypt [25]. Biometric cryptography processing normally involves a hardware interface, but the processing itself is done on a computer or an embedded processor. There are some existing Java based software solutions for cryptography. Sun has provided security services and utilities since J2SE 1.4.2, which include the most common hash functions, symmetric and asymmetric ciphers. Up to their latest JDK 1.6.21, the java.security package with its sub-packages, together with the javax.security.* packages, provides the most popular security services, including digital certificates, digital signatures, public key cryptography, and authentication [46]. [26] is another well-known Java based security provider. Their products are also free of charge for educational and research purposes. They provide ECC including the Elliptic Curve Diffie-Hellman protocol and the Elliptic Curve Digital Signature protocol. These are not suitable for our system specification, as they do not support an identity based cryptographic scheme. We apply pairings to allow an identity based cryptographic scheme. Since the pairing computation is still very time consuming compared with other ciphers, there is no official or commercially released library in this area.
The cryptographic scheme in [13] was the first Java approach to pairing based cryptography, as mentioned in Section 1.1. The following Figure 1. shows the system structure, which includes four main stages named Biometric Extraction, Fuzzy Extraction, Parameter Selection, and IBS system [13].