Download ppt - IEEE Standards working groups

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts
no text concepts found
Transcript 
Pairing Standards
Mike Scott
Noretech Ltd
Standards.
• “What the Gods would destroy they first
send to the IEEE for standardization”
(Slashdot quote from last week….)
• Its important to come up with a standard
that is as “simple” and implementerfriendly as possible. Not too mathematical.
A Unified approach
• Can a scheme like IBE be presented in a
curve-independent fashion?
• Probably not – but worth a try.
• B&F IBE can use SS or non-SS curves,
char p, or char 2, or char 3, or genus 2…
• I have tried to describe it in this way –
pushing differences and detail down a
level.
B&F vs B&B
• New IBE scheme
• IDs hash to integer – much easier than
hashing to a curve point
• Like Sakai & Kasahara
• Note attempt to generalise description for
non-SS curves – see θ function
Some notation
• Field size F
• Group size G
• Standard contemporary security (F/G) =
(1024/160)
• How to scale up – remember SHA-1?
• Koblitz & Menezes, Scott – increase
embedding degree k → non-SS curves
Do all schemes scale?
• BLS signature does not scale
• I don’t see a long term future for it.
• No known way to find suitable curve with
F≈G and k>6
Weil Pairing anyone?
• Eventually, it must be faster
• Complexity O(F2G) vs O(F3)
• Unsure as to cross-over point – more
experimentation required
• Probably not superior to Tate for
“reasonable” security levels
Characteristic 2 SS curves
• Fastest known pairings??
• See section 6 of recent eprint paper by
Barreto,Galbraith,O’hEigeartaigh,Scott
• If we are envisaging implementation on
low powered devices (sensor networks)..
• No power consuming fast integer mul
instruction needed.
• Hashing ID to point much faster
Char 2/3 characteristic curves
• Security questions?
• See Lenstra (“Unbelievable security”
Asiacrypt 2001) for authoritative opinion.
• Personally I don’t like char 3 – made
popular by BLS short signature (See
above)
• Higher embedding degree offset by
awkward implementation on binary
computers?
Attachments
• Very draft standard for IBE schemes.
Need to add a “tips” section for
optimizations for each particular type of
curve. Owes a lot to Voltage #IBCS 1.
• “Scaling the Tate Pairing” – some
experimental results
• Deterministic hashing to curve points is
possible for certain curves.
Concerns
• Need to be careful not to do anything to
upset security proofs.
• Not sure of demarcation line between what
I am trying to do, and Hovav’s work.
• I am sure others will disagree with my
approach – but I am eager to take on
board the views of others!
Related documents
Document
Document
Section 4.2 Families of Curves
Section 4.2 Families of Curves
Handout: Supply and Demand
Handout: Supply and Demand
Slide 1
Slide 1
HWK 5
HWK 5
Theory of Markets
Theory of Markets
Section 4.1 – Density Curves 1 Section 4.1 Density Curves A density
Section 4.1 – Density Curves 1 Section 4.1 Density Curves A density
Unit 2 Study Guide
Unit 2 Study Guide
FORM AND DATABASE DESIGN
FORM AND DATABASE DESIGN
5.1 Notes, AP Stat
5.1 Notes, AP Stat
Population changes
Population changes
Solutions to Homework 4
Solutions to Homework 4
Supply and Demand: Making the Graphs Describe Our Economy
Supply and Demand: Making the Graphs Describe Our Economy
Notes 1.3
Notes 1.3
Automating Cognitive Model Improvement by A*Search and
Automating Cognitive Model Improvement by A*Search and
Are you need of $Cash
Are you need of $Cash
Concepts For Micro Theory
Concepts For Micro Theory
This is first slide - International Association for
This is first slide - International Association for
Supply Powerpoint
Supply Powerpoint
On the moduli of genus 2 curves over finite fields Atsuki UMEGAKI
On the moduli of genus 2 curves over finite fields Atsuki UMEGAKI
ORDBMS
ORDBMS
SELF-CONSISTENT LOCALLY DEFINED PRINCIPAL SURFACES
SELF-CONSISTENT LOCALLY DEFINED PRINCIPAL SURFACES