Batch Pairing Delegation
نویسندگان
چکیده
Abstract. Pairing-based cryptography (PBC) has enabled the construction of many cryptographic protocols. However, there are scenarios when PBC is too heavyweight to use, such as when the computing devices are resource-constrained. Pairing delegation introduced in [19] provides a solution by offloading the computation to more powerful entities. In this paper, we introduce the concept of, and construct several protocols for, batch pairing delegation, which offers significantly improved efficiency over multiple runs of state-of-the-art (non-batch) delegation protocols. We prove the security of our proposed protocols in the model we formalized for batch pairing delegation. Also, we have implemented our protocols in software for experimentation. Moreover, we argue that the secure delegation of pairing computation, batched or not, requires different protocols depending on the semantic meaning of the pairings. We propose a taxonomy that classifies pairings into seven types to assist in choosing the right delegation protocol. Finally, we propose a novel application of pairing delegation in trusted computing — we show how pairing delegation can be leveraged to build a secure coprocessor for pairing computation more cost-effectively.
منابع مشابه
An Efficient ID-Based Delegation Network
Delegation of signing capability is a common practice in various applications. Mambo et al. proposed a proxy signatures as a solution for delegation of signing capability. Proxy signatures allow a designated proxy signer to sign on behalf of an original signer. After the concept of proxy signature scheme was proposed, many variants are proposed to support more general delegation setting. To cap...
متن کاملFully Verifiable Secure Delegation of Pairing Computation: Cryptanalysis and An Efficient Construction
We address the problem of secure and verifiable delegation of general pairing computation. We first analyze some recently proposed pairing delegation schemes and present several attacks on their security and/or verifiability properties. In particular, we show that none of these achieve the claimed security and verifiability properties simultaneously. We then provide a fully verifiable secure de...
متن کاملSecure Delegation of Elliptic-Curve Pairing
In this paper we describe a simple protocol for secure delegation of the elliptic-curve pairing. A computationally limited device (typically a smart-card) will delegate the computation of the pairing e(A, B) to a more powerful device (for example a PC), in such a way that 1) the powerful device learns nothing about the points A and B, and 2) the limited device is able to detect when the powerfu...
متن کاملIdentification of Multiple Invalid Pairing-Based Signatures in Constrained Batches
This paper describes a new method in pairing-based signature schemes for identifying the invalid digital signatures in a batch after batch verification has failed. The method more efficiently identifies non-trivial numbers, w, of invalid signatures in constrained sized, N , batches than previously published methods, and does not require that the verifier possess detailed knowledge of w. Our met...
متن کاملEfficient Delegation of Pairing Computation
Pairing computation requires a lot of efforts for portable small devices such as smart cards. It was first considered concretely by Chevallier-Mames et al. that the cards delegate computation of pairings to a powerful device. In this paper, we propose more efficient protocols than those of Chevallier-Mames et al. in two cases, and provide two new variants that would be useful in real applications.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007