Secure Delegation of Elliptic-Curve Pairing
In this paper we describe a simple protocol for securely delegating elliptic-curve pairings. A computationally limited device (typically a smart-card) will delegate the computation of the pairing e(A,B) to a more powerful device (for example a PC), in such a way that: 1. the powerful device learns nothing about the points being paired (A and B), nor about the pairing?s result e(A,B), 2. and the limited device is able to detect when the powerful device is cheating. We also describe more efficient variants of our protocol when one of the points or both are already known, and further efficiency gains when constant points are used.
Efficient Batch Verification of Signature Schemes based on Bilinear Maps
In this paper we present batch signature verification schemes for identity and non-identity signatures schemes based on bilinear maps. We examine some signature schemes and exploit their properties so that we can batch process the verification of these signatures in an efficient manner. Batch verification of message signatures is useful in real world applications. Most email clients are predominantly offline and so do not download emails one at a time. Instead the mails arrive at an online mail server individually, where they are collected together and stored. It is only after some period of time that any mails on the server are downloaded in bulk. It is not unreasonable to have 5 - 10 emails download into your inbox in any one transaction with the mail server. Say these mails were all signed, then this would be an ideal time to do batch signature verification. We show that we can make substantial savings over the na?ve approach of verifying one message signature at a time.
Efficient and Forward-Secure Identity-Based Signcryption
Several signcryption schemes proposed in the literature are known to lack semantic security, and semantically secure signcryption schemes tend to be more computationally expensive. In fact, devising an efficient signcryption scheme providing both public verifiability and forward security was until now an open problem. In this paper, we show how a particular kind of signcryption scheme may become completely insecure when implemented with certain efficient instantiations of the Tate or Weil pairing. We also address the drawbacks of the secure schemes by proposing efficient, semantically and forward-secure signcryption schemes, in both transferable and non-transferable form, that can be realised on top of any pairing instantiation. As a bonus, we also derive from them a new, efficient identity-based signature scheme.
A New Two-Party Identity-Based Authenticated Key Agreement
We present a new two-party identity-based key agreement that is more efficient than previously proposed schemes. It is inspired on a new identity-based key pair derivation algorithm first proposed by Sakai and Kasahara. We show how this key agreement can be used in either escrowed or escrowless mode. We also describe conditions under which users of different Key Generation Centres can agree on a shared secret key. We give an overview of existing two-party key agreement protocols, and compare our new scheme with existing ones in terms of computational cost and storage requirements.