International Association for Cryptologic Research


Hyang-Sook Lee

Affiliation: Ewha Womans University


Efficient and Generalized Pairing Computation on Abelian Varieties
Eunjeong Lee, Hyang-Sook Lee, Cheol-Min Park
In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the R-ate pairing. This pairing is a generalization of the Ate and Ate_i pairings, and it also improves the efficiency of the pairing computation. Using the R-ate pairing, the loop length in Miller's algorithm can be as small as ${\rm log}(r^{1 / \phi(k)})$ for some pairing-friendly elliptic curves which had not reached this lower bound. Therefore we obtain from 29 % to 69 % savings in overall cost compared to the Ate_i pairing. On supersingular hyperelliptic curves of genus 2, we show that this approach makes the loop length in Miller's algorithm shorter than that of the Ate pairing.
Fast computation of Tate pairing on general divisors of genus 3 hyperelliptic curves
Eunjeong Lee, Hyang-Sook Lee, Yoonjin Lee
For the Tate pairing computation over hyperelliptic curves, there are developments by Duursma-Lee and Barreto et al., and those computations are focused on {\it degenerate} divisors. As divisors are not in degenerate form in general, it is necessary to find algorithms on {\it general} divisors for the Tate pairing computation. In this paper, we present two efficient methods for computing the Tate pairing over divisor class groups of the hyperelliptic curves $y^2 = x^p - x + d, ~ d = \pm 1$ of genus 3. First, we provide the {\it pointwise} method, which is a generalization of the previous developments by Duursma-Lee and Barreto et al. In the second method, we use the {\it resultant} for the Tate pairing computation. According to our theoretical analysis of the complexity, the {\it resultant} method is $48.5 \%$ faster than the pointwise method in the best case and $15.3 \%$ faster in the worst case, and our implementation results show that the {\it resultant} method is much faster than the pointwise method. These two methods are completely general in the sense that they work for general divisors in Mumford representation, and they provide very explicit algorithms.
An Authenticated Certificateless Public Key Encryption Scheme
Young-Ran Lee, Hyang-Sook Lee
In 2003, Al-Riyami and Paterson \cite{AP} proposed certificateless public key cryptography (CL-PKC), which is intermediate between traditional certificate-based PKC and identity-based PKC. In this paper, we propose an authenticated certificateless public key encryption scheme. Our result improves their public key encryption scheme in efficiency and security. The security of the protocol is based on the hardness of two problems: the computational Diffie-Hellman problem (CDHP) and the bilinear Diffie-Hellman problem (BDHP). We also give a formal security model for both confidentiality and unforgeability, and then show that our scheme is provably secure in the random oracle model.
An Authenticated Group Key Agreement Protocol on Braid groups
In this paper, we extend the 2-party key exchange protocol on braid groups to a group key agreement protocol based on the hardness of the Ko-Lee problem. We also provide authenticity for the group key agreement protocol.
Tate-pairing implementations for tripartite key agreement
Iwan Duursma, Hyang-Sook Lee
We give a closed formula for the Tate pairing on the hyperelliptic curve $y^2 = x^p - x + d$ in characteristic $p$. This improves recent implementations by Barreto and by Galbraith for the special case $p=3$. As an application, we propose an $n$-round key agreement protocol for up to $3^n$ participants by extending Joux's pairing-based protocol to $n$ rounds.
Multi-Party Authenticated Key Agreement Protocols from Multilinear Forms
Ho-Kyu Lee, Hyang-Sook Lee, Young-Ran Lee
A. Joux presented a one-round protocol for tripartite key agreement, and Al-Riyami developed a number of tripartite, one-round, authenticated protocols related to the MTI and MQV protocols. Recently, Boneh and Silverberg studied multilinear forms, which provide a one-round multi-party key agreement protocol. In this paper, we propose $(n+1)$ types of one-round authenticated multi-party key agreement protocols from multilinear forms based on the application of the MTI and MQV protocols.

Program Committees

Asiacrypt 2015