Paper 2013/688

Unbalancing Pairing-Based Key Exchange Protocols

Michael Scott


In many pairing-based protocols more than one party is involved, and some or all of them may be required to calculate pairings. Commonly it is the pairing calculation itself which takes most time. However some parties may be better equipped than others in terms of computational power. By exploiting the bilinearity property there are established ways to off-load the pairing calculation to an untrusted third party. Here we observe that this third party may in fact be one of the other participants in the protocol. In this way a protocol may be ``unbalanced'' by shifting the computational load from one participant to another, which may be an advantage in some circumstances. In this paper we focus on some simple key exchange protocols. Surprisingly we find that unbalancing a key exchange protocol can endow it with the property of full forward secrecy, even if it did not originally possess it. Finally we show that a new condition on the choice of pairing-friendly curve can help to minimize the overall computation.

Available format(s)
Publication info
Preprint. MINOR revision.
Contact author(s)
mike scott @ certivox com
2013-10-24: received
Short URL
Creative Commons Attribution


      author = {Michael Scott},
      title = {Unbalancing Pairing-Based Key Exchange Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2013/688},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.