## Cryptology ePrint Archive: Report 2013/688

Unbalancing Pairing-Based Key Exchange Protocols

Michael Scott

Abstract: In many pairing-based protocols more than one party is involved, and some or all of them may be required to calculate pairings. Commonly it is the pairing calculation itself which takes most time. However some parties may be better equipped than others in terms of computational power. By exploiting the bilinearity property there are established ways to off-load the pairing calculation to an untrusted third party. Here we observe that this third party may in fact be one of the other participants in the protocol. In this way a protocol may be unbalanced'' by shifting the computational load from one participant to another, which may be an advantage in some circumstances. In this paper we focus on some simple key exchange protocols. Surprisingly we find that unbalancing a key exchange protocol can endow it with the property of full forward secrecy, even if it did not originally possess it. Finally we show that a new condition on the choice of pairing-friendly curve can help to minimize the overall computation.

Category / Keywords: implementation /

Date: received 24 Oct 2013

Contact author: mike scott at certivox com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2013/688

[ Cryptology ePrint archive ]