• Communications of the Korean Mathematical Society
• /
• v.20 no.4
• /
• pp.849-859
• /
• 2005

We present a new identity based authenticated key agreement protocol from pairings satisfying the required security attributes. The security of our protocol is based on the bilinear Diffie- Hellman assumption.

• Journal of the Chungcheong Mathematical Society
• /
• v.20 no.4
• /
• pp.355-366
• /
• 2007

In this paper, we propose a new blind group identification protocol and a hidden group signature protocol as its application. These protocols involve many provers and one verifier such that (1) the statement of all the provers are proved simultaneously, (2) and also all the provers using computationally limited devices (e.g. smart cards) have no need of computing the bilinear pairings, (3) but only the verifier uses the bilinear pairings. A. Saxena et al. proposed a two-round blind (group) identification protocol in 2005 using the bilinear pairings. But it reveals weakness in the active-intruder attack, and all the provers as well as the verifier must have devices computing bilinear pairings. Comparing their results, our protocol is secure from the active-intruder attack and has more fit for smart cards. In particular, it is secure under only the assumption of the hardness of the Discrete-Logarithm Problem in bilinear groups.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.68-80
• /
• 2008

Since many efficient algorithms for implementing pairings have been proposed such as ${\eta}_T$ pairing and the Ate pairing, pairings could be used in constraint devices such as smart cards. However, the secure implementation of pairings has not been thoroughly investigated. In this paper, we investigate the security of ${\eta}_T$ pairing over binary fields in the context of side-channel attacks. We propose efficient and secure ${\eta}_T$ pairing algorithms using randomized projective coordinate systems for computing the pairing.

• Journal of the Chungcheong Mathematical Society
• /
• v.21 no.3
• /
• pp.403-411
• /
• 2008

In 2005, A. Saxena, B. Soh and S. Priymak [10] proposed a two-flow blind identification protocol. But it has a weakness of the active-intruder attack and uses the pairing operation that causes slow implementation in smart cards. In 2008, Y. W. Lee [9] made a method of the active-intruder attack on their identification scheme and proposed a new zero-knowledge blind identification protocol for smart cards. In this paper, we give more simple and fast protocols than above protocols such that the prover using computationally limited devices such as smart cards has no need of computing the bilinear pairings. Computing the bilinear pairings is needed only for the verifier and is secure assuming the hardness of the Discrete-Logarithm Problem (DLP).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2554-2571
• /
• 2014

Certificate-based cryptography is a new cryptographic paradigm that provides an interesting balance between identity-based cryptography and traditional public key cryptography. It not only simplifies the complicated certificate management problem in traditional public key cryptography, but also eliminates the key escrow problem in identity-based cryptography. As an extension of the signcryption in certificate-based cryptography, certificate-based signcryption provides the functionalities of certificate-based encryption and certificate-based signature simultaneously. However, to the best of our knowledge, all constructions of certificate-based signcryption in the literature so far have to be based on the costly bilinear pairings. In this paper, we propose a certificate-based signcryption scheme that does not depend on the bilinear pairings. The proposed scheme is provably secure in the random oracle model. Due to avoiding the computationally-heavy paring operations, the proposed scheme significantly reduces the cost of computation and outperforms the previous certificate-based signcryption schemes.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.37-42
• /
• 2003

Threshold signature and blind signature are playing important roles in cryptography as well as practical applications such as e-cash and e-voting systems. In this paper, we present a new threshold blind digital signature based on pairings without a trusted third party. Our scheme operates on Gap Diffie-Hellman group, where Computational Diffie-Hellman problems are hard but Decision Diffie-Hellman problems are easy. For example, we use pairings that could be built from Weil pairing or Tate pairing. To the best of our knowledge, we claim that our scheme is the first threshold blind signature using pairings with provable security in the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.881-896
• /
• 2016

Certificate-based cryptography is a useful public key cryptographic primitive that combines the merits of traditional public key cryptography and identity-based cryptography. It not only solves the key escrow problem inherent in identity-based cryptography, but also simplifies the cumbersome certificate management problem in traditional public key cryptography. In this paper, by giving a concrete attack, we first show that the certificate-based encryption scheme without bilinear pairings proposed by Yao et al. does not achieve either the chosen-ciphertext security or the weaker chosen-plaintext security. To overcome the security weakness in Yao et al.'s scheme, we propose an enhanced certificate-based encryption scheme that does not use the bilinear pairings. In the random oracle model, we formally prove it to be chosen-ciphertext secure under the computational Diffie-Hellman assumption. The experimental results show that the proposed scheme enjoys obvious advantage in the computation efficiency compared with the previous certificate-based encryption schemes. Without costly pairing operations, it is suitable to be employed on the computation-limited or power-constrained devices.

• Bulletin of the Korean Mathematical Society
• /
• v.59 no.5
• /
• pp.1093-1103
• /
• 2022

In this paper, we establish an evaluation formula to calculate the Wiener integral of polynomials in terms of natural dual pairings on abstract Wiener spaces (H, B, 𝜈). To do this we first derive a translation theorem for the Wiener integral of functionals associated with operators in 𝓛(B), the Banach space of bounded linear operators from B to itself. We then apply the translation theorem to establish an integration by parts formula for the Wiener integral of functionals combined with operators in 𝓛(B). We finally apply this parts formula to evaluate the Wiener integral of certain polynomials in terms of natural dual pairings.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.3
• /
• pp.168-175
• /
• 2013

Key escrow is a default property that is inherent in identity-based cryptography, where a curious private key generator (PKG) can derive a secret value shared by communicating entities in its domain. Therefore, a dishonest PKG can encrypt and decrypt ciphers or can carry out any attack on the communicating parties. Of course, the escrow property is not completely unwanted but is acceptable in other particular applications. On the other hand, in more civil applications, this key escrow property is undesirable and needs to be removed to provide maximum communication privacy. Therefore, this paper presents an escrow-free identity-based key agreement protocol that is also applicable even in a distinct PKG condition that does not use pairings. The proposed protocol has comparable computational and communicational performance to many other protocols with similar security attributes, of which their security is based on costly bilinear pairings. The protocol's notion was inspired by McCullagh et al. and Chen-Kudla, in regard to escrow-free and multi-PKG key agreement ideas. In particular, the scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.'s study, as well as all other desirable security attributes, such as known key secrecy, unknown key-share resilience and no-key control. The merit in the proposed protocol is the achievement of all required security requirements with a relatively lower computational overhead than many other protocols because it precludes pairings.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.83-90
• /
• 2011

Recently, pairings over elliptic curve have been applied for various ID-based encryption/signature/authentication/key agreement schemes. For efficiency, the $Eta_T$ pairings over GF($P^n$) (P = 2, 3) were invented, however, they are vulnerable to side channel attacks such as DPA because of their symmetric computation structure compared to other pairings such as Tate, Ate pairings. Several countermeasures have been proposed to prevent side channel attacks. Especially, Masaaki Shirase's method is very efficient with regard to computational efficiency, however, it has security flaws. This paper examines closely the security flaws of RVA-based countermeasure on $Eta_T$ Pairing algorithm from the implementation point of view.