Paper 2013/688

Unbalancing Pairing-Based Key Exchange Protocols

Michael Scott

Abstract

In many pairing-based protocols more than one party is involved, and some or all of them may be required to calculate pairings. Commonly it is the pairing calculation itself which takes most time. However some parties may be better equipped than others in terms of computational power. By exploiting the bilinearity property there are established ways to off-load the pairing calculation to an untrusted third party. Here we observe that this third party may in fact be one of the other participants in the protocol. In this way a protocol may be ``unbalanced'' by shifting the computational load from one participant to another, which may be an advantage in some circumstances. In this paper we focus on some simple key exchange protocols. Surprisingly we find that unbalancing a key exchange protocol can endow it with the property of full forward secrecy, even if it did not originally possess it. Finally we show that a new condition on the choice of pairing-friendly curve can help to minimize the overall computation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Contact author(s)
mike scott @ certivox com
History
2013-10-24: received
Short URL
https://ia.cr/2013/688
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/688,
      author = {Michael Scott},
      title = {Unbalancing Pairing-Based Key Exchange Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/688},
      year = {2013},
      url = {https://eprint.iacr.org/2013/688}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.