• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.69-72
• /
• 2008

최근 PKI-less 공개키 암호 시스템에 대한 연구가 진척되면서, 페어링(Pairing) 기반의 암호 시스템이 주목을 받고 있다. 페어링 기반의 암호 시스템은 두 개의 타원 곡선 상의 점을 유한체의 값으로 보내는 양방향 선형성(Bilinearity)을 가지는 페어링 함수를 기반으로 구성되는 암호 시스템이다. 페어링 기반의 암호 시스템 구현을 위해서는 페어링 연산 알고리즘이 필수적이며, 효율적인 페어링 연산을 위한 많은 연구가 진행되고 있다. 이러한 페어링 알고리즘에도 기존의 타원곡선 스칼라곱 알고리즘에서 야기되었던 부채널 공격이 동일하게 적용되기 때문에, 안전한 페어링 알고리즘을 위해서는 부채널 공격에 대한 저항성을 갖는 알고리즘이 필요하다. 이에 본 논문에서는 부채널 공격에도 안전하면서 비교적 효율적인 이진 필드 상의 페어링 알고리즘을 제시한다. 본 페어링 알고리즘은 기존의 부체널 공격 저항성을 갖는 페어링 알고리즘 중 가장 효율적인 알고리즘에 비해 효율성이 17% 정도 향상되었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.33-44
• /
• 2008

The efficiency of pairing based cryptosystems depends on the computation of pairings. pairings is defined over finite fileds GF$(3^m)$ by trinomials due to efficiency. The hardware architectures for pairings have been widely studied. This paper proposes new adder and multiplier for GF(3) which are more efficient than previous results. Furthermore, this paper proposes a new unified adder-subtractor for GF$(3^m)$ based on the proposed adder and multiplier. Finally, this paper proposes new multiplier for GF$(3^m)$. The proposed MSB-first bit-serial multiplier for GF$(p^m)$ reduces the time delay by approximately 30 % and the size of register by half than previous LSB-first multipliers. The proposed multiplier can be applied to all finite fields defined by trinomials.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.70-79
• /
• 2013

Recently, there has been introduced various types of pairing computations to implement ID based cryptosystem for mobile ad hoc network. The Miller algorithm is the most popular algorithm for the typical pairing computation such as Weil, Tate and Ate. In this paper, we analyze the feasibility of concrete data fault injection attack, which was proposed by Whelan and Scott, in terms of regardless of round positions during the execution of the Miller algorithm. As the simulation results, the proposed attack that can be employed to regardless of round positions and coordinate systems is effective and powerful.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1C
• /
• pp.14-21
• /
• 2011

Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.

• Journal of Korea Multimedia Society
• /
• v.14 no.6
• /
• pp.775-784
• /
• 2011

In this paper we introduce the notion of multi-receiver certificateless encryption that avoids the inherent key escrow problem of multi-receiver identity-based encryption, and also present a highly efficient multi-receiver certificateless encryption scheme which eliminates pairing computation to encrypt a message for multiple receivers, Moreover, the proposed scheme only needs one pairing computation to decrypt the ciphertext. Finally, we discuss how to properly transform our scheme into a new public key broadcast encryption scheme for stateless receivers based on the subset-cover framework, which enjoys the advantages of certificateless cryptography.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.7
• /
• pp.68-75
• /
• 2013

Recently, there has been introduced various types of pairing computations to implement ID based cryptosystem for mobile ad hoc network. According to spreading the applications of pairing computations, various fault attacks have been proposed. Among them, a counter fault attack has been considered the strongest threat. Thus this paper proposes a new countermeasure to prevent the counter fault attack on Miller's algorithm. The proposed method is able to reduce the possibility of fault propagation by a random index of intermediate values. Additionally, it is difficult to challenge fault attacks on the proposed method since a simple side channel leakage of 'if' branch is eliminated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.17-25
• /
• 2007

Delegation of signing capability is a common practice in various applications. Mambo et al. proposed a proxy signatures as a solutions for delegation of signing capability. Proxy signatures allow a designated proxy signer to sign on behalf of an original signer. After the concept of proxy signature scheme is proposed, many variants are proposed to support more general delegation setting. To capture all possible delegation structures, the concept of delegation network was proposed by Aura. ID-based cryptography, which is suited for flexible environment, is desirable to construct a delegation network. Chow et al proposed an ID-based delegation network. In the computational point of view, their solution requires E pairing operations and N elliptic curve scalar multiplications where E and N are the number of edges and nodes in a delegation structure, respectively. In this paper, we proposed an efficient ID-based delegation network which requires only E pairing operations. Moreover, we can design a modified delegation network that requires only N pairing operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.3-12
• /
• 2011

A hashing function that maps arbitrary messages directly onto curve points (MapToPoint) has non-negligible complexity in pairing-based cryptosystems. Unlike elliptic curve cryptosystems, pairing-based cryptosystems require the hashing function in ternary fields. Barreto et al. observed that it is more advantageous to hash the message to an ordinate instead of an abscissa. So, they significantly improved the hashing function by using a matrix with coefficients of the abscissa. In this paper, we improve the method of Barreto et al. by reducing the matrix. Our method requires only 44% memory of the previous result. Moreover we can hash a message onto a curve point 2~3 times faster than Barreto's Method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.3-11
• /
• 2011

Evaluation of cube roots in characteristic three finite fields is required for Tate (or modified Tate) pairing computation. The Hamming weights (the number of nonzero coefficients) in the polynomial representations of $x^{1/3}$ and $x^{2/3}$ determine the efficiency of cube roots computation, where $F_{3^m}$is represented as $F_3[x]/(f)$ and $f(x)=x^m+ax^k+b{\in}F_3[x]$ (a, $b{\in}F_3$) is an irreducible trinomial. O. Ahmadi et al. determined the Hamming weights of $x^{1/3}$ and $x^{2/3}$ for all irreducible trinomials. In this paper, we present formulas for cube roots in $F_{3^m}$ using the shifted polynomial basis(SPB). Moreover, we provide the suitable shifted polynomial basis bring no further modular reduction process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.83-90
• /
• 2011

Recently, pairings over elliptic curve have been applied for various ID-based encryption/signature/authentication/key agreement schemes. For efficiency, the $Eta_T$ pairings over GF($P^n$) (P = 2, 3) were invented, however, they are vulnerable to side channel attacks such as DPA because of their symmetric computation structure compared to other pairings such as Tate, Ate pairings. Several countermeasures have been proposed to prevent side channel attacks. Especially, Masaaki Shirase's method is very efficient with regard to computational efficiency, however, it has security flaws. This paper examines closely the security flaws of RVA-based countermeasure on $Eta_T$ Pairing algorithm from the implementation point of view.