Identity-based encryption from the weil pairing

SIAM Journal on Computing

Volumn 32, Issue 3, 2003, Pages 586-615

  Boneh, Dan ^a   Franklin, Matthew ^b  

^a Stanford University   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Bilinear maps; Elliptic curve cryptography; Escrow ElGamal; Identity based encryption; Tate pairing; Weil pairing

Indexed keywords

ALGORITHMS; COMPUTATIONAL COMPLEXITY; COMPUTER SIMULATION; CONFORMAL MAPPING; ELECTRONIC MAIL; ENCODING (SYMBOLS); GAME THEORY; SECURITY OF DATA; SEMANTICS;

BILINEAR MAPS; ELLIPTIC CURVE CRYPTOGRAPHY; ESCROW ELGAMAL; IDENTITY BASED ENCRYPTION; PUBLIC KEY GENERATOR; TATE PAIRING; WEIL PAIRING;

PUBLIC KEY CRYPTOGRAPHY;

EID: 0037623983     PISSN: 00975397     EISSN: None     Source Type: Journal    
DOI: 10.1137/S0097539701398521     Document Type: Article

References (46)

1. P. Barreto, H. Kim, B. Lynn, and M. Scott, Efficient algorithms for pairing-based cryptosystems, in Advances in Cryptology-Crypto 2002, Lecture Notes in Comput. Sci. 2140, Springer-Verlag, Berlin, 2002, pp. 354-368.
2. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, Relations among notions of security for public-key encryption schemes, in Advances in Cryptology-Crypto 1998, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 26-45.
3. M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in ACM Conference on Computers and Communication Security, ACM, New York, 1993, pp. 62-73.
4. D. Boneh, The decision Diffie-Hellman problem, in Proceedings of the Third Algorithmic Number Theory Symposium, Lecture Notes in Comput. Sci. 1423, Springer-Verlag, Berlin, 1998, pp. 48-63.
5. D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, extended abstract in Advances in Cryptology-Crypto 2001, Lecture Notes in Comput. Sci. 2139, Springer-Verlag, Berlin, 2001, pp. 231-229; also available online from http://eprint.iacr.org/2001/090/.
6. D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, in Advances in Cryptology-AsiaCrypt 2001, Lecture Notes in Comput. Sci. 2248, Springer-Verlag, Berlin, 2001, pp. 514-532.
7. M. Bellare, A. Boldyreva, and S. Micali, Public-key encryption in a multi-user setting: Security proofs and improvements, in Advances in Cryptology-Eurocrypt 2000, Lecture Notes in Comput. Sci. 1807, Springer-Verlag, Berlin, 2000, pp. 259-274.
8. C. Cocks, An identity based encryption scheme based on quadratic residues, in Proceedings of the Eighth IMA International Conference on Cryptography and Coding, Royal Agricultural College, Cirencester, UK, 2001, pp. 360-363.
9. J. Coron, On the exact security of Full-Domain-Hash, in Advances in Cryptology-Crypto 2000, Lecture Notes in Comput. Sci. 1880, Springer-Verlag, Berlin, 2000, pp. 229-235.
10. R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, in Advances in Cryptology-Crypto 1998, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 13-25.
11. Y. Desmedt and J. Quisquater, Public-key systems based on the difficulty of tampering, in Advances in Cryptology-Crypto 1986, Lecture Notes in Comput. Sci. 263, Springer-Verlag, Berlin, 1986, pp. 111-117.
12. G. Di Crescenzo, R. Ostrovsky, and S. Rajagopalan, Conditional oblivious transfer and timed-release encryption, in Advances in Cryptology-Eurocrypt 1999, Lecture Notes in Comput. Sci. 1592, Springer-Verlag, Berlin, 1999, pp. 74-89.
13. D. Dolev, D. Dwork, and M. Naor, Nonmalleable cryptography, SIAM J. Comput., 30 (2000), pp. 391-437.
14. U. Feige, A. Fiat, and A. Shamir, Zero-knowledge proofs of identity, J. Cryptology, 1 (1988), pp. 77-94.
15. A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, in Advances in Cryptology-Crypto 1986, Lecture Notes in Comput. Sci. 263, Springer-Verlag, Berlin, 1986, pp. 186-194.
16. E. Fujisaki and T. Okamoto, Secure integration of asymmetric and symmetric encryption schemes, in Advances in Cryptology-Crypto 1999, Lecture Notes in Comput. Sci. 1666, Springer-Verlag, Berlin, 1999, pp. 537-554.
17. G. Frey, M. Müller, and H. Rück, The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems, IEEE Trans. Inform. Theory, 45 (1999), pp. 1717-1718.
18. S. Galbraith, Supersingular curves in cryptography, in Advances in Cryptology-AsiaCrypt 2001, Lecture Notes in Comput. Sci. 2248, Springer-Verlag, Berlin, 2001, pp. 495-513.
19. S. Galbraith, K. Harrison, and D. Soldera, Implementing the Tate-pairing, in Proceedings of the Fifth Algorithmic Number Theory Symposium, Lecture Notes in Comput. Sci. 2369, Springer-Verlag, Berlin, 2002, pp. 324-327.
20. P. Gemmell, An introduction to threshold cryptography, in CryptoBytes, a technical newsletter of RSA Laboratories, 2 (1997), pp. 7-12.
21. R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, Robust and efficient sharing of RSA functions, J. Cryptology, 13 (2000), pp. 273-300.
22. R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, Secure distributed key generation for discrete-log based cryptosystems, in Advances in Cryptology-Eurocrypt 1999, Lecture Notes in Comput. Sci. 1592, Springer-Verlag, Berlin, 1999, pp. 295-310.
23. O. Goldreich, B. Pfitzmann, and R. Rivest, Self-delegation with controlled propagation -or- What if you lose your laptop, in Advances in Cryptology-Crypto 1998, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 153-168.
24. S. Goldwasser and S. Micali, Probabilistic encryption, J. Comput. System Sci., 28 (1984), pp. 270-299.
25. D. Hühnlein, M. Jacobson, and D. Weber, Towards practical non-interactive public key cryptosystems using non-maximal imaginary quadratic orders, in Selected Areas in Cryptography, Lecture Notes in Comput. Sci. 2012, Springer-Verlag, Berlin, 2000, pp. 275-287.
26. A. Joux, A one round protocol for tripartite Diffie-Hellman, in Proceedings of the Fourth Algorithmic Number Theory Symposium, Lecture Notes in Comput. Sci. 1838, Springer-Verlag, Berlin, 2000, pp. 385-394.
27. A. Joux, The Weil and Tate pairings as building blocks for public key cryptosystems, in Proceedings of the Fifth Algorithmic Number Theory Symposium, Lecture Notes in Comput. Sci. 2369, Springer-Verlag, Berlin, 2002, pp. 20-32.
28. A. Joux and K. Nguyen, Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups, http://eprint.iacr.org, 2001.
29. S. Lang, Elliptic Functions, Addison-Wesley, Reading, MA, 1973.
30. U. Maurer, Towards proving the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, in Advances in Cryptology-Crypto 1994, Lecture Notes in Comput. Sci. 839, Springer-Verlag, Berlin, 1994, pp. 271-281.
31. U. Maurer and Y. Yacobi, Non-interactive public-key cryptography, in Advances in Cryptology-Crypto 1991, Lecture Notes in Comput. Sci. 547, Springer-Verlag, Berlin, 1991, pp. 498-507.
32. A. Menezes, T. Okamoto, and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Trans. Inform. Theory, 39 (1993), pp. 1639-1646.
33. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.
34. V. Miller, Short Programs for Functions on Curves, manuscript.
35. A. Miyaji, M. Nakabayashi, and S. Takano, New explicit condition of elliptic curve trace for FR-reduction, IEICE Trans. Fundamentals, E84 A (2001), pp. 1234-1243.
36. P. Paillier and M. Yung, Self-escrowed public-key infrastructures, in Information Security and Cryptology-ICISC 1999, Lecture Notes in Comput. Sci. 1787, Springer-Verlag, Berlin, 1999, pp. 257-268.
37. C. Rackoff and D. Simon, Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack, in Advances in Cryptology-Crypto 1991, Lecture Notes in Comput. Sci. 547, Springer-Verlag, Berlin, 1991, pp. 433-444.
38. R. Rivest, A. Shamir, and D. Wagner, Time Lock Puzzles and Timed Release Cryptography, Technical report MIT/LCS/TR-684, http://www.lcs.mit.edu/publications/.
39. K. Rubin and A. Silverberg, Supersingular abelian varieties in cryptography, in Advances in Cryptology-Crypto 2002, Lecture Notes in Comput. Sci. 2140, Springer-Verlag, Berlin, 2002, pp. 336-353.
40. R. Sakai, K. Ohgishi, and M. Kasahara, Cryptosystems Based on Pairings, in Proceedings of the Symposium on Cryptography and Information Security, Technical group on Information Security of the Institute of Electronics, Information and Communication Engineers (IEICE), Oiso, Japan, 2001, pp. 26-28.
41. A. Shamir, Identity-based cryptosystems and signature schemes, in Advances in Cryptology-Crypto 1984, Lecture Notes in Comput. Sci. 196, Springer-Verlag, Berlin, 1984, pp. 47-53.
42. V. Shoup, Lower bounds for discrete logarithms and related problems, in Proceedings of Eurocrypt 1997, Lecture Notes in Comput. Sci. 1233, Springer-Verlag, Berlin, 1997, pp. 256-266.
43. J. Silverman, The Arithmetic of Elliptic Curve, Springer-Verlag, Berlin, 1986.
44. S. Tsuji and T. Itoh, An ID-based cryptosystem based on the discrete logarithm problem, IEEE J. Selected Areas in Communication, 7 (1989), pp. 467-473.
45. H. Tanaka, A realization scheme for the identity-based cryptosystem, in Advances in Cryptology-Crypto 1887, Lecture Notes in Comput. Sci. 293, Springer-Verlag, Berlin, 1987, pp. 341-349.
46. E. Verheul, Evidence that XTR is more secure than supersingular elliptic curve cryptosystems, in Advances in Cryptology-Eurocrypt 2001, Lecture Notes in Comput. Sci. 2045, Springer-Verlag, Berlin, 2001, pp. 195-210.