橢圓曲線Pairings之密碼應用原理

10.29614/DRMM.201010.0002

林志賢

密碼學 ； 密碼系統 ； 數位簽章 ； 金鑰協議

資訊安全通訊

16卷4期（2010 / 10 / 01）

32 - 44

繁體中文

橢圓曲線密碼系統可以較短的金鑰長度，達到與RSA密碼系統相同等級的安全強度等級，使得其計算複雜度相對來得較小。因此，橢圓曲線密碼系統近年日漸受到重視。在橢圓曲線理論中，pairing在密碼學中有相當廣泛的應用，例如ID-based加密系統、數位簽章、signcryption、金鑰協議等。Pairing運算經常是這些系統得以成功運作的關鍵技術，也是左右這些系統運作速度的關鍵因素。一般人對於pairing運算總是諱莫如深。本文將介紹pairings的運作原理及其發展與改進，期望讓讀者對於pairing運算有更清楚的瞭解。

1. E. Lee, H.-S. Lee, and C.-M. Park, “Efficient and Generalized Pairing Computation on Abelian Varieties,” Preprint, 2008. Available from http://eprint.iacr.org/2008/040.
2. F. Vercauteren, “Optimal Pairings,” Preprint, 2008, Available from http://eprint.iacr.org/2008/096.
3. A. Murphy and N. Fitzpatrick, “Elliptic curves for pairing applications,” Preprint, 2005. Available from http://eprint.iacr.org/2005/302.
4. C. Zhao, F. Zhang and J. Huang, “A Note on the Ate Pairing,” Preprint, 2007, Available from http://eprint.iacr.org/2007/247.
5. V. S. Miller, “Short programs for functions on curves. Unpublished manuscript,” 1986. http://crypto.stanford.edu/miller/miller.pdf.
6. P.S.L.M. Barreto, S. Galbraith, C. Ó hÉ igeartaigh and M. Scott, “Efficient pairing computation on supersingular abelian varieties,” Preprint, 2004. Available from http://eprint.iacr.org/2004/375.
7. Barreto, P. S. L. M.,Naehrig, M.(2006).Pairing-friendly elliptic curves of prime order.Lecture Notes in Computer Science,3897,319-331.
8. Bellare, M.,Rogaway, P.(1997).Minimizing the use of random oracles in authenticated encryption schemes.Information and Communications Security '97
9. Boneh, D.,Boyen, X.,Shacham, H.(2004).Short Group Signatures.CRYPTO 2004
10. Boneh, D.,Franklin, M.(2001).Identity-base encryption from the Weil pairing.CRYPTO 2001
11. Boneh, D.,Goh, E.-J.,Nissim, K.(2005).Evaluating 2-DNF formulas on ciphertexts.Theory of Cryptography '05
12. Comuta, A.,Kawazoe, M.,Takahashi, T.(2007).Pairing-friendly elliptic curves with small security loss by Cheon's algorithm.10th International Conference on Information Security and Cryptology
13. Galbraith, S.,Harrison, K.,Soldera, S.(2002).Implementing the Tate pairing.Algorithmic Number Theory Symposium-ANTS V
14. Granger, R.,Page, D.,Smart, N. P.(2006).High security pairing-based cryptography revisited.Lecture notes in computer science,4076,480-494.
15. Hess, F.,Smart, N.,Vercauteren, Frederik(2006).The Eta Pairing Revisited.IEEE Transactions on Information Theory,52(10),4595-4602.
16. Johnson, D.,Menezes, A.,Vanstone, S.(2001).The elliptic curve digital signature algorithm (ECDSA).International Journal of Information Security,1,36-63.
17. Joux, A.(2000).A one round protocol for tripartite Diffie-Hellman.ANTS IV
18. Law, L.,Menezes, A.,Qu, M.,Solinas, J.,Vanstone, S.(2003).An efficient protocol for authenticated key agreement.Designs, Codes and Cryptography,28,119-134.
19. Li, X.,Chen, K.(2004).Identity based proxy-signcryption scheme from pairings.IEEE-SCC 2004
20. Liu, C.-L.,Horng, G.,Chen, T.-Y.(2007).Further refinement of pairing computation based on Miller's algorithm.Applied Mathematics and Computation,189(1),395-409.
21. Matsuda, S.,Kanayama, N.,Hess, F.,Okamoto, E.(2007).Optimised versions of the Ate and twisted Ate pairings.Lecture Notes in Computer Science,4887,302-312.
22. Menezes, A. J.,Koblitz, N.(2005).Pairing-based cryptography at high security levels.Cryptography and Coding
23. Menezes, A.,Okamoto, T.,Vanstone, S.(1991).Reducing elliptic curve logarithms to logarithms in a finite field.STOC '91: Proceedings of the twenty-third annual ACM symposium on Theory of computing,New York, NY, USA:
24. Nalla, D.,Reddy, K.C.(2003).,未出版
25. Sakai, R.,Ohgishi, K.,Kasahara, M.(2000).Cryptosystems based on pairing.SCIS 2000,Okinawa, Japan:
26. Smart, N. P.(2002).An identity based authenticated key agreement protocol based on Weil pairing.Electronics Letters,38,630-632.
27. Washington, Lawrence C.(2008).Elliptic Curves: Number Theory and Cryptography.Boca Raton:CRC Press.