Revision as of 17:32, 28 March 2023 edit 2001:a18:a:1d06:116d:5b60:33db:9b18 (talk) →Cryptanalysis: typo ← Previous edit		Revision as of 08:28, 18 June 2023 edit undo Citation bot (talk \| contribs) Bots 5,865,680 edits Add: s2cid, doi, pages, authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Elliptic curve cryptography \| #UCB_Category 11/35 Next edit →
Line 22: For example, in groups equipped with a [[Bilinear map\|bilinear mapping]] such as the [[Weil pairing]] or [[Tate pairing]], generalizations of the [[Diffie–Hellman problem\|computational Diffie–Hellman problem]] are believed to be infeasible while the simpler [[decisional Diffie–Hellman assumption\|decisional Diffie–Hellman problem]] can be easily solved using the pairing function. The first group is sometimes referred to as a '''Gap Group''' because of the assumed difference in difficulty between these two problems in the group. While first used for [[cryptanalysis]],<ref>{{cite journal\|last1=Menezes\|first1=Alfred J. Menezes\|last2=Okamato\|first2=Tatsuaki\|last3=Vanstone\|first3=Scott A.\|title=Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field\|journal=IEEE Transactions on Information Theory\|date=1993\|volume=39\|issue=5\|pages=1639–1646 \|doi=10.1109/18.259647 }}</ref> pairings have also been used to construct many cryptographic systems for which no other efficient implementation is known, such as [[identity-based encryption]] or [[attribute-based encryption]] schemes. Pairing-based cryptography is used in the [[Cryptographic commitment#KZG commitment\|KZG cryptographic commitment scheme]]. Line 34: In June 2012 the [[National Institute of Information and Communications Technology]] (NICT), [[Kyushu University]], and [[Fujitsu#Fujitsu Laboratories\|Fujitsu Laboratories Limited]] improved the previous bound for successfully computing a discrete logarithm on a [[supersingular elliptic curve]] from 676 bits to 923 bits.<ref>{{cite web \|work=Press release from NICT \|date=June 18, 2012 \|url=http://www.nict.go.jp/en/press/2012/06/18en-1.html \|title=NICT, Kyushu University and Fujitsu Laboratories Achieve World Record Cryptanalysis of Next-Generation Cryptography }}</ref> In 2016, the Extended Tower Number Field Sieve algorithm<ref>{{Cite journal \|~~last~~last1=Kim \|~~first~~first1=Taechan \|last2=Barbulescu \|first2=Razvan \|date=2015 \|title=Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case \|url=https://eprint.iacr.org/2015/1027 \|journal=Cryptology ePrint Archive \|language=en}}</ref> allowed to reduce the complexity of finding discrete logarithm in some resulting groups of pairings. Thus, the security level of some pairing friendly elliptic curves have been later reduced.<ref>{{Cite journal \|~~last~~last1=Barbulescu \|~~first~~first1=Razvan \|last2=Duquesne \|first2=Sylvain \|date=2019-10-01 \|title=Updating Key Size Estimations for Pairings \|url=https://doi.org/10.1007/s00145-018-9280-5 \|journal=Journal of Cryptology \|language=en \|volume=32 \|issue=4 \|pages=1298–1336 \|doi=10.1007/s00145-018-9280-5 \|s2cid=253635514 \|issn=1432-1378}}</ref> == References ==

Pairing-based cryptography: Difference between revisions