June 4, 2005 PAR for IEEE P1363.3 1

PAR for P1363.3

Title:

• Standard for Pairing based Cryptographic Techniques

June 4, 2005 PAR for IEEE P1363.3 2

Scope:

• “Specification of Identity-Based cryptographic techniques based on Pairings.

• Specification of– Pairings,– algorithms to compute the pairings,– recommended elliptic curves and curve

parameters.”

June 4, 2005 PAR for IEEE P1363.3 3

What is Identity-Based Cryptography?

Basic Idea: Public-key Encryption with identities as Public Keys• Users have a public and a private key

• Public key is common names, numbers, pre-existing identifiers

• Private key is issued by an authority using a master key

• Simplifies Key Management – No key lookup, allows use of short lived keys etc..

IBE Public Key:

alice@gmail.com

RSA Public Key:

Public exponent = 0x10001Modulus = 135066410865995223349603216278805969938881471191

560566702752448514385152651060485953383394028715

057190944179820728216447155137368041970396419174304649658927425623934102086438320211037295872576

235850964311056407350150818751067659462920556368

5529475213500852879416377328533906109750544334999811150056977236890927563

June 4, 2005 PAR for IEEE P1363.3 4

What are Pairings?

• Mappings between mathematical groups– Bilinear, non-degenerate, & efficiently computable

– Examples: Weil pairings, Tate pairings

• Can be exploited for good or bad– basis for cryptographic attacks (c. 1993), or– building new cryptographic systems (c. 2000)

June 4, 2005 PAR for IEEE P1363.3 5

Why standardize Pairing-Based Cryptography?

• Strong Momentum in Industry– Several companies have developed applications

(Hewlett-Packard, NTT, Gemplus, ST Microelectronics, Voltage, NoreTech…)

– 10,000’s of IBE based email encryption users alone– Hardware support for PBC from leading smart card vendors– Interest from NSA, GCHQ and NIST

• Strong Demand for a Standard – Customers have voiced strong need for standardization– Message format and protocol standards need a cryptographic

foundation– All companies and organizations listed above are supportive of

the standards effort

June 4, 2005 PAR for IEEE P1363.3 6

Why standardize Pairing-Based Cryptography?

• Major Interest from the Research Community– Over 250 scientific publications on Identity-Based

Techniques and Pairings (Google Scholar)– Workshop on Pairing Based Cryptography (June 2005)– Special edition of Journal of Cryptology on Pairings– RSA Conference Award for Mathematics awarded to Dan

Boneh for IBE and PBC

June 4, 2005 PAR for IEEE P1363.3 7

Reason for project (from PAR)

• “Identity-Based Cryptographic techniques based on pairings have received considerable attention in academia and industry over the last years.– Over 250 academic publications reference identity-based

cryptographic techniques,– industry has started to deploy identity-based software and– hardware vendors have announced hardware support for

identity-based techniques.• The reason for this working group is to foster a common

standard on identity-based cryptographic techniques based on Pairings.”

June 4, 2005 PAR for IEEE P1363.3 8

Relationship to other 1363 standards

• Another form of public key cryptography– different than 1363, 1363-a, P1363.1 and P1363.2

• Pairings are not covered in other 1363’s

• Identity Based crypto is not in other 1363’s

• Uses techniques & foundation of 1363/1363a– e.g. field arithmetic, elliptic curve techniques

June 4, 2005 PAR for IEEE P1363.3 9

Purpose:• “The proliferation of electronic communication and the internet,

brings with it the need for privacy and data protection. Public Key Cryptography offers fundamental technology addressing this need. Many alternative public-key techniques have been proposed, each with its own benefits. The IEEE 1363 Standard and P1363a project have produced a comprehensive reference defining a range of common public-key techniques covering key agreement, public-key encryption and digital signatures from several families, namely the discrete logarithm, integer factorization, and elliptic curve families.

• IEEE P1363.3 will specify Identity-Based Cryptographic techniques based on Pairings. These offer advantages over classic public key techniques specified in IEEE 1363, examples are the lack of a requirement to exchange or look up public keys of a recipient and the simplified use of short-lived keys.”