Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

Published byBarnaby Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security"— Presentation transcript:

1 Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security terence@voltage.com

2 Overview What is a Pairing? Pairing-based Crypto Applications Pairing-based Crypto Standards

3 What is a Pairing? An old mathematical idea It “pairs” elliptic curve points Has a very interesting property called bilinearity: Pair(aB, cD) = Pair(cB, aD) This property makes for a powerful new cryptographic primitive Popular cryptographic research area (200+ papers)

4 What can Pairings do? Identity based encryption Encryption where any string (like an email address) can be a public key Identity based key exchange Key exchange using identities Short signatures 160-bit signatures Searchable encryption, and others

5 Identity-Based Encryption (IBE) IBE is an old idea Originally proposed by Adi Shamir, co-inventor of the RSA Algorithm in 1984 Fundamental problem: can any string be used as a public key? Practical implementation: Boneh-Franklin Algorithm published at Crypto 2001 First efficient, provably secure IBE scheme

6 Identity-Based Encryption (IBE) The ability to use any string makes key management easier IBE Public Key: alice@gmail.com RSA Public Key: Public exponent=0x10001 Modulus=13506641086599522334960321627880596993888147 560566702752448514385152651060485953383394028715 057190944179820728216447155137368041970396419174 304649658927425623934102086438320211037295872576 235850964311056407350150818751067659462920556368 552947521350085287941637732853390610975054433499 9811150056977236890927563

7 How IBE works in practice Alice sends a Message to Bob bob@b.com Key Server Alice encrypts with bob@b.com 1 Requests private key, authenticat es 2 Receives Private Key for bob@b.com 3 Bob decrypts with Private Key 4 alice@a.co m bob@b.com

8 How IBE works in practice Charlie sends a Message to Bob bob@b.com Charlie encrypts with bob@b.com 1 Bob decrypts with Private Key 2 charlie@c.co m Fully off-line - no connection to server required bob@b.com Key Server

9 How Pairings Lead to IBE Setup Key generator generates secret s, random P Gives everyone P, sP Encryption Alice hashes Bob@b.com -> IDBob@b.com Encrypt message with k = Pair(rID, sP) Send encrypted message and rP Key Generation Bob authenticates, asks for private key Key generator gives back sID Decrypt Bob decrypts with k = Pair(sID, rP) Bob’s k and Alice’s k are identical

10 IBE’s Operational Characteristics Easy cross-domain encryption No per-user databases No per-user queries to find keys State of the system does not grow per user Key recovery Accomodates content scanning, anti-virus, archiving and other regulatory mechanisms Keys still under control of enterprise Fine-grained key control Easy to change authentication policy over time Revocation handled without CRLs

11 Sweet Spots for IBE Encryption Inside and outside the organization Sweet Spots for PKI Authentication Signing Inside the organization IBE and PKI - Complementary Strengths PKI Maximum protection Works well for signing/authentication Requires roll-out generate keys for users Certificate managment Identity-Based Encryption Good for encryption no key-lookup revocation is easy Ad-hoc capable requires no pre-enrollment Content scanning easy

12 Other Pairing Applications Short Signatures BLS scheme and others yield 160-bit signatures Half the size of DSA signatures Have other interesting properties Can aggregate signatures Allows, for example, a single signature on a cert chain Verifiable encrypted signatures Use in fair exchange, other protocols Searchable Encryption Key Exchange

13 Standards Activities IEEE Study Group formed last Monday, as part of the P1363 Group Goal is writing and submitting a PAR, defining the mission of the standards group 24 participants from various countries and industries Technical content drafts soon Pairings module: Hovav Shacham, Stanford IBE module: Mike Scott, Dublin City University Draft PAR agreed, to be submitted

14 Standards Philosophy Model after past IEEE cryptographic standards Standardize algorithms, but not protocols e.g. formats for IBE encrypted email would be part of a different standard Don’t block future standards based on PBC Allow for amendments that build on parts of this standard Separate IBE and PBC layers Limit scope to keep the task manageable Focus on one set of algorithms, split off other types of algorithms into separate standards

15 Proposed Structure of an PBC/IBE Standard Pairing Based Crypto Layer and Algorithm Layers Identity-Based Encryption Pairing Based Cryptography e.g. pairing, algorithms to compute pairings, curve types, curve parameters IBE based Protocols e.g. IBE email, key request etc. Identity based key exchange Signatures 1363 Other stds

16 Current Discussion Points Scaling Security to 128/256 bits Separation between pairing layer and crypto methods Curve families for embedded and hardware implementation

17 For More Information On 1363 activities: http://grouper.ieee.org/groups/1363/WorkingGroup/ On pairing based crypto Paulo Barreto’s Pairing Based Crypto Lounge http://paginas.terra.com.br/informatica/paulobarreto/pblounge.htm On IBE http://crypto.stanford.edu/ibe/ http://www.voltage.com

Download ppt "Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
PAR for P1363.3 Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P1363.3.

PAR for P Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,

RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,
An Introduction to Identity-based Cryptography

An Introduction to Identity-based Cryptography
PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security.

PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography for Backup Navigation

Cryptography for Backup Navigation
Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.

Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.

Similar presentations

Ads by Google