PAR for P1363.3 Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P1363.3
Scope: “Specification of Identity-Based cryptographic techniques based on Pairings. Specification of Pairings, algorithms to compute the pairings, recommended elliptic curves and curve parameters.” June 4, 2005 PAR for IEEE P1363.3
What is Identity-Based Cryptography? Basic Idea: Public-key Encryption with identities as Public Keys Users have a public and a private key Public key is common names, numbers, pre-existing identifiers Private key is issued by an authority using a master key Simplifies Key Management – No key lookup, allows use of short lived keys etc.. IBE Public Key: alice@gmail.com RSA Public Key: Public exponent = 0x10001 Modulus = 135066410865995223349603216278805969938881471191 560566702752448514385152651060485953383394028715 057190944179820728216447155137368041970396419174 304649658927425623934102086438320211037295872576 235850964311056407350150818751067659462920556368 552947521350085287941637732853390610975054433499 9811150056977236890927563 June 4, 2005 PAR for IEEE P1363.3
What are Pairings? Mappings between mathematical groups Bilinear, non-degenerate, & efficiently computable Examples: Weil pairings, Tate pairings Can be exploited for good or bad basis for cryptographic attacks (c. 1993), or building new cryptographic systems (c. 2000) June 4, 2005 PAR for IEEE P1363.3
Why standardize Pairing-Based Cryptography? Strong Momentum in Industry Several companies have developed applications (Hewlett-Packard, NTT, Gemplus, ST Microelectronics, Voltage, NoreTech…) 10,000’s of IBE based email encryption users alone Hardware support for PBC from leading smart card vendors Interest from NSA, GCHQ and NIST Strong Demand for a Standard Customers have voiced strong need for standardization Message format and protocol standards need a cryptographic foundation All companies and organizations listed above are supportive of the standards effort June 4, 2005 PAR for IEEE P1363.3
Why standardize Pairing-Based Cryptography? Major Interest from the Research Community Over 250 scientific publications on Identity-Based Techniques and Pairings (Google Scholar) Workshop on Pairing Based Cryptography (June 2005) Special edition of Journal of Cryptology on Pairings RSA Conference Award for Mathematics awarded to Dan Boneh for IBE and PBC June 4, 2005 PAR for IEEE P1363.3
Reason for project (from PAR) “Identity-Based Cryptographic techniques based on pairings have received considerable attention in academia and industry over the last years. Over 250 academic publications reference identity-based cryptographic techniques, industry has started to deploy identity-based software and hardware vendors have announced hardware support for identity-based techniques. The reason for this working group is to foster a common standard on identity-based cryptographic techniques based on Pairings.” June 4, 2005 PAR for IEEE P1363.3
Relationship to other 1363 standards Another form of public key cryptography different than 1363, 1363-a, P1363.1 and P1363.2 Pairings are not covered in other 1363’s Identity Based crypto is not in other 1363’s Uses techniques & foundation of 1363/1363a e.g. field arithmetic, elliptic curve techniques June 4, 2005 PAR for IEEE P1363.3
Purpose: “The proliferation of electronic communication and the internet, brings with it the need for privacy and data protection. Public Key Cryptography offers fundamental technology addressing this need. Many alternative public-key techniques have been proposed, each with its own benefits. The IEEE 1363 Standard and P1363a project have produced a comprehensive reference defining a range of common public-key techniques covering key agreement, public-key encryption and digital signatures from several families, namely the discrete logarithm, integer factorization, and elliptic curve families. IEEE P1363.3 will specify Identity-Based Cryptographic techniques based on Pairings. These offer advantages over classic public key techniques specified in IEEE 1363, examples are the lack of a requirement to exchange or look up public keys of a recipient and the simplified use of short-lived keys.” June 4, 2005 PAR for IEEE P1363.3