An Efficient Identity-based Cryptosystem for End-to-end Mobile Security

1. An Efficient Identity-based Cryptosystem for End-to-end Mobile Security IEEE Transactions on Wireless Communications, 2006 Jing-Shyang Hwu, Rong-Jaye Chen, Yi-Bing Lin 2008. 12. 04 Presented by Jang Chol Soon

2. Contents • Introduction • Background • ID-based Encryption • Elliptic Curves • Divisor • Weil Pairing • Efficient Computation for Weil Pairing • Point Halving • Halve-and-Add Method for Weil Pairing • Performance Evaluation • Application System • Conclusions

3. Introduction • Mobile security • Mobile operators have provided security protection including • authentication and encryption for circuit-switched voice services. • Wireless data services(e.g. mobile banking) are likely to be offered • by third parties(e.g. banks) • The third parties can’t trust the security mechanisms of mobile operators. • :their own solution for end-to-end security. • End-to-end security mechanisms in mobile services • : public-key cryptosystem • The main concern in public-key cryptosystem • : the authenticity of public key ⇒ “certificate” • The certificate is issued by a trusted third party consisting of the user name • and his public key.

4. Introduction • ID-based cryptography • In 1984, Shamir • The public key of a user can be derived from public information • that uniquely identifies the user. (e.g. e-mail, telephone number) • The first complete ID-based cryptosystem • · In 2001, Boneh and Franklin • · use a bilinear map(Weil pairing) over elliptic curves • Major advantages • · No certificate • · Users need not memorize extra public keys. • Drawback • · Overhead for the pairing computing

5. Background • Background • A. ID-based Encryption (scheme) • B. Elliptic Curves • C. Divisor • D. Weil pairing

6. Background • A. ID-based Encryption (IBE) scheme • use a bilinear map called Weil pairing over elliptic curves. • bilinear map • · transform a pair of elements(P, Q) in group G1 • · send the pair to an element in group G2 in a way that satisfies • some properties (bilinearity: It should be linear in each entry of the pair.) • Weil pairing on elliptic curves is selected as the bilinear map • · G1 : the elliptic curve group → • · G2 : the multiplicative group → • The decryption procedure yields the correct message • because of the bilinearity of the Weil pairing.

7. Background • A. ID-based Encryption (IBE) scheme • The security level depends on the size of the finite field • because the scheme is constructed on an elliptic curve. • ex) an elliptic curve over 163-bit finite field = 1024-bit RSA • The most significant overhead isthe computation of Weil pairing. PKG Elliptic curves Weil pairing Sender Receiver

8. Background • B. Elliptic Curves • p : a prime larger than 3 • : infinity point → the identity element • An elliptic curve over a finite field of size p noted by GE(p) • are • The group operation is written as addition • instead of multiplication. λ : the slope of the line passing through P and Q

9. Background • C. Divisor • A useful device for keeping track of the zeros and poles of relational • functions • defined as a formal sum of points on elliptic curve group • : a non-zero integer that specifies the zero/pole property of point P • and its respective order. • A formula for adding two divisors in canonical form • · provide a method of finding a rational function f • · critical for computing Weil pairing

10. Background • D. Weil Pairing • Weil pairing e(P, Q) is defined as follows • The Weil pairing has the bilinearity property. • The first algorithm for e(P, Q) computation is Miller’s Algorithm.

11. Efficient Computation for Weil Pairing • Point halving algorithm • proposed by Knudsen • Fast computation for scalar multiplication on elliptic curve one field multiplication Three operations

12. Halve-and-Add Method for Weil Pairing • Halve-and-Add method • Method for the evaluation of rational functions used in the Miller’s algorithm • To take advantage of point halving · require 1 inversion, 3 multiplications, 1 squaring, and 1 square rootcomputing · advantage over the doubling

13. Performance Evaluation • Performance Evaluation By using halving, save · 2n inversions · 2n-3k multiplications · n squaring at the cost of solving n quadratic equation · 2n square roots · n trace computing

14. Performance Evaluation • Performance Evaluation

15. Application System • ID-based End-to-End Mobile Encryption System • typically based on Public-key cryptosystem • Traditional public-key cryptosystem • · The sender has to request the receiver’s public-key and verify its validity • before encrypting a message. • · When the receiver is off-line, • the sender can not communication with the receiver to request • the public-key • ID-based cryptosystem • · The sender can user the receiver’s ID(i.e., telephone number) as a public • key without any request and verification. • · Even if the receiver’s device is power-off, • the sender can still send an encrypted short message.

16. Application System • ID-based End-to-End Mobile Encryption System ID=0912345678 Private Key Generator (PKG) (1) Subscription time SIM Card KR Cipher Bob(0912345678) Alice SIM Card SIM Card (5) KR GSM Network ID-based Decryption ID-based Decryption (6) Message ID-based Encryption Message ID-based Encryption (2) Cipher (3) Bob’s phone number (public-key) (0912345678)

17. Conclusion • Conclusion • An efficient ID-based cryptography scheme for end-to-end mobile • security system • A fast method for computing the Weil pairing using point halving algorithm • : λ-representation in a normal basis • Contribution • to apply point halving algorithm to the ID-based scheme • an efficient approach to compute the rational function evaluation • algorithm