Cryptology ePrint Archive: Report 2013/688
Unbalancing Pairing-Based Key Exchange Protocols
Abstract: In many pairing-based protocols more than one party is involved, and some or all of them may be required to calculate pairings.
Commonly it is the pairing calculation itself which takes most time.
However some parties may be better equipped than others in terms of computational power. By exploiting the bilinearity
property there are established ways to off-load the pairing calculation to an untrusted third party. Here we observe
that this third party may in fact be one of the other participants in the protocol. In this way a protocol may be ``unbalanced''
by shifting the computational load from one participant to another, which may be an advantage in some circumstances.
In this paper we focus on some simple key exchange protocols.
Surprisingly we find that unbalancing a key exchange protocol can endow it with the property of full forward secrecy, even if it did not originally possess it.
Finally we show that a new condition on the choice of pairing-friendly curve can help to minimize the overall computation.
Category / Keywords: implementation /
Date: received 24 Oct 2013
Contact author: mike scott at certivox com
Available format(s): PDF | BibTeX Citation
Version: 20131024:165032 (All versions of this report)
Short URL: ia.cr/2013/688
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]