Unbelievable Security. Matching AES Security Using Public Key Systems
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
A Taxonomy of Pairing-Friendly Elliptic Curves
Journal of Cryptology
IEEE Transactions on Information Theory
Instantiability of RSA-OAEP under chosen-plaintext attack
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
New software speed records for cryptographic pairings
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Faster explicit formulas for computing pairings over ordinary curves
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Unbounded HIBE and attribute-based encryption
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Improved cryptanalysis of the multi-prime φ-hiding assumption
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Evaluating 2-DNF formulas on ciphertexts
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Hierarchical identity based encryption with constant size ciphertext
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Faster squaring in the cyclotomic subgroup of sixth degree extensions
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Converting pairing-based cryptosystems from composite-order groups to prime-order groups
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Pairing-Based cryptography at high security levels
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Pairing-Friendly elliptic curves of prime order
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Tools for simulating features of composite order bilinear groups in the prime order setting
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
On the (im)possibility of projecting property in prime-order setting
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
| Hi-index | 0.00 |
We provide software implementation timings for pairings over composite-order and prime-order elliptic curves. Composite orders must be large enough to be infeasible to factor. In the literature, protocols use orders which are product of 2 up to 5 large prime numbers. Our contribution is three-fold. First, we extend the results of Lenstra concerning the RSA modulus sizes to multi-prime modulus, for various security levels. We then implement a Tate pairing over a composite order supersingular curve and an optimal ate pairing over a prime-order Barreto-Naehrig curve, both at the 128-bit security level. Thirdly we use our implementation timings to deduce the total cost of the homomorphic encryption scheme of Boneh, Goh and Nissim and its translation by Freeman in the prime-order setting. We also compare the efficiency of the unbounded Hierarchical Identity Based Encryption protocol of Lewko and Waters and its translation by Lewko in the prime order setting. Our results strengthen the previously observed inefficiency of composite-order bilinear groups and advocate the use of prime-order group whenever possible in protocol design.