All papers in 2007 (Page 5 of 482 results)
Last updated: 2007-01-11
Cryptanalysis of An Oblivious Polynomial Evaluation Protocol Based On Polynomial Reconstruction Problem
Uncategorized
Uncategorized
In 1999, Naor and Pinkas \cite {NP99} presented a useful protocol
called oblivious polynomial evaluation(OPE). In this paper, the
cryptanalysis of the OPE protocol is presented. It's shown that the
receiver can successfully get the sender's secret polynomial $P$
after executing the OPE protocol only once, which means the privacy
of the sender can be violated and the security of the OPE protocol
will be broken. It's also proven that the complexity of the
cryptanalysis is the same with the corresponding protocols
cryptanalyzed.
Families of genus 2 curves with small embedding degree
Uncategorized
Uncategorized
Hyperelliptic curves of small genus have the advantage of
providing a group of comparable size as that of elliptic curves,
while working over a field of smaller size. Pairing-friendly
hyperelliptic curves are those whose order of the Jacobian is
divisible by a large prime, whose embedding degree is small enough
for computations to be feasible, and whose minimal embedding field
is large enough for the discrete logarithm problem in it to be
difficult. We give a sequence of $\F_q$-isogeny classes for a family
of Jacobians of genus two curves over $\F_{q}$, for $q=2^m$, and
their corresponding small embedding degrees. We give examples of
the parameters for such curves with embedding degree $k<(\log q)^2$,
such as $k=8,13,16,23,26,37,46,52$.
For secure and efficient implementation of pairing-based
cryptography on genus g curves over $\F_q$, it is desirable that the
ratio $\rho=\frac{g\log_2 q}{\log_2N}$ be approximately 1, where $N$
is the order of the subgroup with embedding degree $k$. We show that
for our family of curves, $\rho$ is often near 1 and never more than
2.
We also give a sequence of $\F_q$-isogeny classes for a family of
Jacobians of genus 2 curves over $\F_{q}$ whose minimal embedding
field is much smaller than the finite field indicated by the
embedding degree $k$. That is, the extension degrees in this
example differ by a factor of $m$, where $q=2^m$, demonstrating that
the embedding degree can be a far from accurate measure of security.
As a result, we use an indicator $k'=\frac{\ord_N2}{m}$ to examine
the cryptographic security of our family of curves.
- « Previous
- 1
- ...
- 4
- 5