An Efficient Identity-based Cryptosystem for
End-to-end Mobile Security
IEEE Transactions on Wireless Communications, 2006
Jing-Shyang Hwu, Rong-Jaye Chen, Yi-Bing Lin
2008. 12. 04
Presented by Jang Chol Soon
Contents
Introduction
Background
ID-based Encryption
Elliptic Curves
Divisor
Weil Pairing
Efficient Computation for Weil Pairing
Point Halving
Halve-and-Add Method for Weil Pairing
Performance Evaluation
Application System
Conclusions
Introduction
Mobile security
Mobile operators have provided security protection including
authentication and encryption for circuit-switched voice services.
Wireless data services (e.g. mobile banking) are likely to be offered
by third parties (e.g. banks).
The third parties can’t trust the security mechanisms of mobile operators
⇒ they need their own solution for end-to-end security.
End-to-end security mechanisms in mobile services
: public-key cryptosystem
The main concern in public-key cryptosystem
: the authenticity of public key ⇒ “certificate”
The certificate, consisting of the user name and his public key, is issued by
a trusted third party.
ID-based cryptography
In 1984, Shamir
The public key of a user can be derived from public information
that uniquely identifies the user. (e.g. e-mail, telephone number)
The first complete ID-based cryptosystem
· In 2001, Boneh and Franklin
· use a bilinear map (Weil pairing) over elliptic curves
Major advantages
· No certificate
· Users need not memorize extra public keys.
Drawback
· Overhead of the pairing computation
Background
A. ID-based Encryption (scheme)
B. Elliptic Curves
C. Divisor
D. Weil pairing
A. ID-based Encryption (IBE) scheme
use a bilinear map called Weil pairing over elliptic curves.
bilinear map
· transform a pair of elements (P, Q) in group G1
· send the pair to an element in group G2 in a way that satisfies
some properties (bilinearity: it should be linear in each entry of the pair)
Weil pairing on elliptic curves is selected as the bilinear map
· G1 : the elliptic curve group →
· G2 : the multiplicative group →
The decryption procedure yields the correct message
because of the bilinearity of the Weil pairing.
[Figure: IBE scheme. Labels: Sender, Receiver, PKG, Weil pairing, Elliptic curves]
The security level depends on the size of the finite field
because the scheme is constructed on an elliptic curve.
e.g. an elliptic curve over a 163-bit finite field offers security equivalent to 1024-bit RSA
The most significant overhead is the computation of Weil pairing.
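The IBE flow described on these slides (PKG setup and key extraction, encryption to an identity, decryption that is correct because of bilinearity), as an added example that is not from the paper or the presentation. It swaps the Weil pairing for a toy bilinear map over integers, e(aP, bP) = g^(ab) mod p, with constructed and insecure parameters; all function names are hypothetical, and the identity is the phone number used on the application slide.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use: q and p = 2q + 1 are prime.
Q_ORDER, P_MOD, G = 1019, 2039, 4   # G generates the order-q subgroup of Z_p^* (G2)
# A G1 element a*P is stored as the scalar a mod q, so the generator P is 1.

def pair(a, b):
    """Toy bilinear map e(aP, bP) = g^(ab) mod p. Assumption: stands in for the Weil pairing."""
    return pow(G, (a * b) % Q_ORDER, P_MOD)

def h1(identity):
    """Hash an identity string to a non-zero G1 element Q_ID."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q_ORDER - 1) + 1

def h2(g2_elem, n):
    """Hash a G2 element to an n-byte mask."""
    return hashlib.shake_256(str(g2_elem).encode()).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def setup():
    """PKG: pick master secret s, publish P_pub = s*P."""
    s = secrets.randbelow(Q_ORDER - 1) + 1
    return s, s % Q_ORDER

def extract(s, identity):
    """PKG: private key d_ID = s * Q_ID for the given identity."""
    return (s * h1(identity)) % Q_ORDER

def encrypt(p_pub, identity, msg):
    """Sender: needs only the receiver's identity and the PKG's public value."""
    r = secrets.randbelow(Q_ORDER - 1) + 1
    shared = pow(pair(h1(identity), p_pub), r, P_MOD)   # e(Q_ID, P_pub)^r
    return r % Q_ORDER, xor(msg, h2(shared, len(msg)))   # (U = r*P, V)

def decrypt(d_id, ciphertext):
    """Receiver: e(d_ID, U) = e(s*Q_ID, r*P) = e(Q_ID, P_pub)^r by bilinearity."""
    u, v = ciphertext
    return xor(v, h2(pair(d_id, u), len(v)))

if __name__ == "__main__":
    master, p_pub = setup()
    bob = "0912345678"
    ct = encrypt(p_pub, bob, b"transfer approved")
    print(decrypt(extract(master, bob), ct))
```

The toy map exposes discrete logarithms directly, so it shows only why the scheme is correct, not why it is secure.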
B. Elliptic Curves
p : a prime larger than 3
: infinity point → the identity element
An elliptic curve over a finite field of size p denoted by GF(p)
are
The group operation is written as addition
instead of multiplication.
λ : the slope of the line passing through P and Q
C. Divisor
A useful device for keeping track of the zeros and poles of rational
functions
defined as a formal sum of points on elliptic curve group
: a non-zero integer that specifies the zero/pole property of point P
and its respective order.
A formula for adding two divisors in canonical form
· provide a method of finding a rational function f
· critical for computing Weil pairing
D. Weil Pairing
Weil pairing e(P, Q) is defined as follows
The Weil pairing has the bilinearity property.
The first algorithm for e(P, Q) computation is Miller’s Algorithm.
Efficient Computation for Weil Pairing
Point halving algorithm
proposed by Knudsen
Fast computation for scalar multiplication on elliptic curve
one field multiplication
Three operations
Halve-and-Add Method for Weil Pairing
Halve-and-Add method
Method for the evaluation of rational functions used in Miller’s algorithm
To take advantage of point halving
· require 1 inversion, 3 multiplications,
1 squaring, and 1 square root computing
· advantage over the doubling
Performance Evaluation
By using halving, save
· 2n inversions
· 2n-3k multiplications
· n squarings at the cost of
solving n quadratic equations
· 2n square roots
· n trace computing
Application System
ID-based End-to-End Mobile Encryption System
typically based on Public-key cryptosystem
Traditional public-key cryptosystem
· The sender has to request the receiver’s public-key and verify its validity
before encrypting a message.
· When the receiver is off-line,
the sender cannot communicate with the receiver to request
the public key.
ID-based cryptosystem
· The sender can use the receiver’s ID (i.e., telephone number) as a public
key without any request and verification.
· Even if the receiver’s device is powered off,
the sender can still send an encrypted short message.
[Figure: ID-based End-to-End Mobile Encryption System. Labels: Alice; Bob (0912345678); SIM Card with ID-based Encryption and ID-based Decryption; Message; Cipher; GSM Network; Private Key Generator (PKG); Bob’s phone number (public-key) (0912345678); ID=0912345678; KR; Subscription time; numbered steps]
Conclusion
An efficient ID-based cryptography scheme for end-to-end mobile
security system
A fast method for computing the Weil pairing using point halving algorithm
: λ-representation in a normal basis
Contribution
to apply point halving algorithm to the ID-based scheme
an efficient approach to compute the rational function evaluation
algorithm