DOI: 10.1145/3197507.3197514 (research article)

A Note on Subgroup Security in Pairing-Based Cryptography

Published: 23 May 2018

Abstract

Barreto et al. (LATINCRYPT 2015) proposed a security notion, called subgroup security, for elliptic curves in pairing-based cryptography. They also claimed that, in some schemes, if an elliptic curve is subgroup-secure, the membership check, called the full membership check, can be replaced by a cheaper membership check, called the light membership check, which results in faster schemes than the original ones. However, they also noticed that some schemes will not maintain security if this replacement is done. It is unclear which schemes allow a secure replacement of the membership check. In this paper, we show a concrete example of insecurity in the sense of subgroup security in order to help developers understand what subgroup security is and what properties are actually preserved. In our conclusion, we recommend that developers use the full membership check because it is a simple and general technique for implementing schemes securely. If developers use the light membership check for performance reasons, it is critical to carefully verify that security is preserved.
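As an added illustration (not code from the paper), the two checks the abstract contrasts, on a constructed toy j-invariant-0 curve y^2 = x^3 + 4 over F_19 whose 21 points split as cofactor h = 3 times prime r = 7, the same h·r structure that makes the light check insufficient on groups with a cofactor; the curve parameters, point names and function names are all assumptions made for this example.

```python
# Added example, not code from the paper: the full and light membership checks
# on a constructed toy curve y^2 = x^3 + 4 over F_19 with #E = 21 = 3 * 7.
P_MOD, B = 19, 4           # toy field and curve constant (far too small for real use)
R, H = 7, 3                # prime subgroup order r and cofactor h
INF = None                 # point at infinity

def on_curve(pt):
    """Light membership check: the point satisfies the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + B)) % P_MOD == 0

def add(p, q):
    """Affine point addition on y^2 = x^3 + B over F_p (this curve has no 2-torsion)."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # q == -p
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def full_check(pt):
    """Full membership check: on the curve AND killed by r, i.e. inside the order-r subgroup."""
    return on_curve(pt) and mul(R, pt) is INF

def count_points():
    """Brute-force #E(F_19), confirming that the cofactor really is 3."""
    return 1 + sum(on_curve((x, y)) for x in range(P_MOD) for y in range(P_MOD))

# (1, 9) is on the curve; clearing the cofactor yields a generator of the order-7 subgroup.
G = mul(H, (1, 9))
# (0, 2) has order 3: the light check accepts it, the full check rejects it.
SMALL = (0, 2)
```

The 3-torsion point (0, 2) passes `on_curve` but fails `full_check`, which is the kind of small-order input that a scheme relying on the light check alone will process as if it were a legitimate group element.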

References

[1] Adrian Antipa, Daniel R. L. Brown, Alfred Menezes, René Struik, and Scott A. Vanstone. 2003. Validation of Elliptic Curve Public Keys. In Public Key Cryptography - PKC 2003, 6th International Workshop on Theory and Practice in Public Key Cryptography, Miami, FL, USA, January 6--8, 2003, Proceedings (Lecture Notes in Computer Science), Yvo Desmedt (Ed.), Vol. 2567. Springer, 211--223.
[2] Diego F. Aranha, Paulo S. L. M. Barreto, Patrick Longa, and Jefferson E. Ricardini. 2013. The Realm of the Pairings. In Selected Areas in Cryptography - SAC 2013. 3--25.
[3] Paulo S. L. M. Barreto, Craig Costello, Rafael Misoczki, Michael Naehrig, Geovandro C. C. F. Pereira, and Gustavo Zanon. 2015. Subgroup Security in Pairing-Based Cryptography. In Progress in Cryptology - LATINCRYPT 2015. 245--265.
[4] Daniel J. Bernstein and Tanja Lange. 2014. SafeCurves: choosing safe curves for elliptic-curve cryptography. (December 2014). https://safecurves.cr.yp.to/ Accessed January 11, 2018.
[5] Alexandra Boldyreva. 2003. Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In Public Key Cryptography - PKC 2003. 31--46.
[6] Dario Catalano and Dario Fiore. 2015. Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12--16, 2015. 1518--1529.
[7] David Chaum. 1981. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Commun. ACM Vol. 24, 2 (1981), 84--88.
[8] Taher ElGamal. 1985. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory Vol. 31, 4 (1985), 469--472.
[9] David Freeman, Michael Scott, and Edlyn Teske. 2010. A Taxonomy of Pairing-Friendly Elliptic Curves. J. Cryptology Vol. 23, 2 (2010), 224--280.
[10] Laura Fuentes-Castañeda, Edward Knapp, and Francisco Rodríguez-Henríquez. 2011. Faster Hashing to $\mathbb{G}_2$. In Selected Areas in Cryptography - SAC 2011. 412--430.
[11] Daniel Genkin, Luke Valenta, and Yuval Yarom. 2017. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017. 845--858.
[12] Florian Hess. 2008. Pairing Lattices. In Pairing-Based Cryptography - Pairing 2008. 18--38.
[13] Florian Hess, Nigel P. Smart, and Frederik Vercauteren. 2006. The Eta Pairing Revisited. IEEE Trans. Information Theory Vol. 52, 10 (2006), 4595--4602.
[14] Tibor Jager, Jörg Schwenk, and Juraj Somorovsky. 2015. Practical Invalid Curve Attacks on TLS-ECDH. In Computer Security - ESORICS 2015. 407--425.
[15] A. Kato, M. Scott, T. Kobayashi, and Y. Kawahara. 2016. Barreto-Naehrig Curves, draft-kasamatsu-bncurves-02. (March 2016). https://tools.ietf.org/html/draft-kasamatsu-bncurves-02
[16] Jonathan Katz and Yehuda Lindell. 2015. Introduction to Modern Cryptography (2nd ed.). Chapman & Hall/CRC.
[17] Chae Hoon Lim and Pil Joong Lee. 1997. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. In Advances in Cryptology - CRYPTO 1997. 249--263.
[18] Nadia El Mrabet and Marc Joye (Eds.). 2016. Guide to Pairing-Based Cryptography. Chapman and Hall/CRC.
[19] Samuel Neves and Mehdi Tibouchi. 2016. Degenerate Curve Attacks - Extending Invalid Curve Attacks to Edwards Curves and Other Models. In Public-Key Cryptography - PKC 2016. 19--35.
[20] Eric Zavattoni, Luis J. Dominguez Perez, Shigeo Mitsunari, Ana H. Sánchez-Ramírez, Tadanori Teruya, and Francisco Rodríguez-Henríquez. 2015. Software Implementation of an Attribute-Based Encryption Scheme. IEEE Trans. Computers Vol. 64, 5 (2015), 1429--1441.

Cited By

  • (2021) A Note on Subgroup Security in Discrete Logarithm-Based Cryptography. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E104.A, 1 (2021), 104--120. DOI: 10.1587/transfun.2020CIP0019. Online publication date: 1 Jan 2021.


Published In

APKC '18: Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop
May 2018, 66 pages
ISBN: 9781450357562
DOI: 10.1145/3197507
Program Chairs: Keita Emura, Jae Hong Seo, Yohei Watanabe

Publisher

Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. membership check
    2. pairing-based cryptography
    3. subgroup security

    Qualifiers

    • Research-article

    Funding Sources

    • JST CREST

Conference

ASIA CCS '18

    Acceptance Rates

    APKC '18 Paper Acceptance Rate 7 of 20 submissions, 35%;
    Overall Acceptance Rate 36 of 103 submissions, 35%

Article Metrics

• Downloads (last 12 months): 2
• Downloads (last 6 weeks): 0
Reflects downloads up to 16 Feb 2025