Paper 2010/388

On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings

Sanjit Chatterjee, Darrel Hankerson, and Alfred Menezes

Abstract

We focus on the implementation and security aspects of cryptographic protocols that use Type 1 and Type 4 pairings. On the implementation front, we report improved timings for Type 1 pairings derived from supersingular elliptic curves in characteristic 2 and 3 and the first timings for supersingular genus-2 curves in characteristic 2 at the 128-bit security level. In the case of Type 4 pairings, our main contribution is a new method for hashing into ${\mathbb G}_2$ which makes the Type 4 setting almost as efficient as Type 3. On the security front, for some well-known protocols we discuss to what extent the security arguments are tenable when one moves to genus-2 curves in the Type 1 case. In Type 4, we observe that the Boneh-Shacham group signature scheme, the very first protocol for which the Type 4 setting was introduced in the literature, is trivially insecure, and we describe a small modification that appears to restore its security.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Abbreviated version appears in the proceedings of WAIFI 2010.
Keywords
pairing-based cryptography, Type 1 and type 4 pairings
Contact author(s)
s2chatte @ uwaterloo ca
History
2010-07-09: received
Short URL
https://ia.cr/2010/388
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/388,
      author = {Sanjit Chatterjee and Darrel Hankerson and Alfred Menezes},
      title = {On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/388},
      year = {2010},
      url = {https://eprint.iacr.org/2010/388}
}