a new approach on bilinear pairings and its applications tatsuaki okamoto
TRANSCRIPT
![Page 1: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/1.jpg)
A New Approach on Bilinear Pairingsand Its Applications
Tatsuaki Okamoto
![Page 2: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/2.jpg)
Are Alfred Menezes, O. and Scott Vanstone such persons by their attack to ECC in 1990?
No, it is not true!
Who Used Bilinear Pairings in Cryptography for the First Time?
![Page 3: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/3.jpg)
Unsung Hero in Pairing-Based Cryptography
Burt Kaliski
In his PhD thesis in 1988, he did a pioneer work on bilinear pairings for a cryptographic application.
![Page 4: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/4.jpg)
![Page 5: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/5.jpg)
Contents
A general construction of pseudo-random generators over general Abelian groups.
A typical example: construction on general elliptic curves.
It is necessary to determine the group structure of the underlying curve.
Weil pairing is employed.
![Page 6: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/6.jpg)
![Page 7: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/7.jpg)
![Page 8: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/8.jpg)
![Page 9: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/9.jpg)
MOV Reduction
1988: PhD Thesis of B. Kaliski 1990: Menezes, O. and Vanstone
read his thesis and learnt the cryptographic application of the Weil pairing and Miller’s algorithm. We then found the reduction of ECDL to MDL by using the Weil pairing.
![Page 10: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/10.jpg)
Reply message from Kaliski
Victor Miller visited Ron Rivest when I was a graduate student, and he met with me about my research. If I recall correctly, I asked him if he knew a way to determine whether an elliptic curve group was cyclic, and he suggested the Weil pairing. He also gave me a copy of his algorithm for computing the Weil pairing, and agreed that I could implement it for my thesis.
![Page 11: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/11.jpg)
A New Approach on Bilinear Pairingsand Its Applications
Joint Work with Katsuyuki Takashima (Mitsubishi Electric)
![Page 12: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/12.jpg)
Pairing-Based Cryptography
![Page 13: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/13.jpg)
Why Did Pairing-Based Cryptography So Succeed?
Mathematically Richer Structure
Traditional Crypto: genus 0
Pairing-Based Crypto: genus 1
pnn FEZZnE
(e.g., Multiplicative group)
(e.g., pairing-friendly elliptic curve group)
![Page 14: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/14.jpg)
Additional Math Structure with Pairings
Traditional Techniques over Cyclic Groups
Pairing Additional Structure as well as
the Above Properties
smHomomorphi : -
ityCommutativ : )()( -
) from compute to (hard-way One : -
yBilinearit : ),(),( -
:smHomomorphi : -
ityCommutativ : )()( -
from compute to (hard-way One : -
![Page 15: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/15.jpg)
New Approach on Pairings:
Constructing a Richer Structure from Pairing Groups
![Page 16: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/16.jpg)
Pairing Groups
![Page 17: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/17.jpg)
The Most Natural Way to Make a Richer Algebraic Structure from Pairing Groups
Direct Product of Pairing Groups
![Page 18: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/18.jpg)
Vector Addition
Scalar multiplication
N-Dimensional Vector Spaces:
*,
![Page 19: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/19.jpg)
N-Dimensional Vector Spaces: *,
Canonical Bases
Element Expression on Canonical Basis
![Page 20: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/20.jpg)
Duality
e e
![Page 21: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/21.jpg)
Orthonormality
![Page 22: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/22.jpg)
Base Change
![Page 23: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/23.jpg)
Base Change
![Page 24: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/24.jpg)
Trapdoor
hard
easy
![Page 25: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/25.jpg)
Special Case: Self-Duality
![Page 26: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/26.jpg)
Abstraction: Dual Pairing Vector Spaces (DPVS)
![Page 27: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/27.jpg)
Construction of Dual Pairing Vector Spaces:
Direct product of pairing groups
(e.g., product of elliptic curves) Jocobian of supersingular
hyperelliptic curves
[Takashima, ANTS’08]
![Page 28: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/28.jpg)
Intractable Problems in DPVSSuitable for Cryptographic Applications
Vector Decomposition Problem (VDP)
Decisional VDP (DVDP)
Decisional Subspace Problem (DSP)
![Page 29: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/29.jpg)
Vector Decomposition Problem (VDP)
hard
![Page 30: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/30.jpg)
Special Case of Vector Decomposition Problem (VDP)
easy
![Page 31: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/31.jpg)
[Yoshida, Mitsunari and Fujiwara 2003], [Yoshida 2003]Introduced VDP on elliptic curves.
History of Vector Decomposition Problem (VDP)
![Page 32: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/32.jpg)
[Duursma and Kiyavash 2005], [Duursma and Park 2006],VDP on hyperelliptic curves, higher dimensional ElGamal-type signatures
History of Vector Decomposition Problem (VDP)
![Page 33: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/33.jpg)
[Galbraith and Verheul, PKC 2008] Introduced “distortion eigenvector basis”
for VDP on elliptic curves.
History of Vector Decomposition Problem (VDP)
![Page 34: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/34.jpg)
O. and Takashima (Pairing 2008): Introduced more general notion,
“distortion eigenvector spaces”, for higher dimensional spaces, and showed several cryptographic applications.
We also extended the concept to “dual pairing vector spaces” (Aisiacrypt 2009) for VDP and other problems, and showed an application to predicate encryption.
History of Vector Decomposition Problem (VDP)
![Page 35: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/35.jpg)
Trapdoor of VDP: Algorithm Deco
![Page 36: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/36.jpg)
Decisional VDP (DVDP)
11
AdvAdv
DVDPAssumption
![Page 37: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/37.jpg)
Decisional Subspace Problem (DSP)
11
AdvAdv
DSPAssumption
![Page 38: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/38.jpg)
0
0
Relations with DDH and DLIN Problems
![Page 39: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/39.jpg)
Trapdoors for DVDP and DSP
Algorithm Deco with X Pairing with
Hierarchy of trapdoors
(Top level trapdoor)
![Page 40: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/40.jpg)
Related Works and Properties
![Page 41: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/41.jpg)
Application to Cryptography
![Page 42: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/42.jpg)
Multivariate Homomorphic Encryption
Homomorphic property
![Page 43: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/43.jpg)
Multivariate Homomorphic Encryption
![Page 44: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/44.jpg)
Predicate Encryption Scheme
![Page 45: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/45.jpg)
Summary
A new approach on bilinear pairing: Dual pairing vector spaces
- enjoy richer algebraic structures Cryptographic applications: - predicate encryption for inner-
products - more…
![Page 46: A New Approach on Bilinear Pairings and Its Applications Tatsuaki Okamoto](https://reader036.vdocument.in/reader036/viewer/2022062322/56649e985503460f94b9b593/html5/thumbnails/46.jpg)
Thank you!