Project : tanc
Section: New Results
Identity based cryptosystems
Elliptic curves in cryptography have first been used to replace finite fields in protocols whose security relies on the discrete logarithm problem, essentially keeping the protocols as they are and substituting one algebraic structure for another. There are, however, new applications of elliptic curves that exploit specific additional structures that are not found in the finite field setting, for instance the Tate and Weil pairings.
Everybody knows that the most difficult problem in modern cryptography, and more precisely in its would-be widespread use, is the key authentication problem, or more generally that of authenticating principals on an open network. The "classical" approach to this problem is that of a public key infrastructure (PKI), in which some centralized or decentralized authority issues certificates for authenticating the different users. Another approach, less publicized, is that of identity based cryptography (ID), in which the public key of a user can be built very easily from his email address, for instance. The cryptographic burden is then put on the shoulders of the private key generator (PKG), which users must contact privately to get their secret keys and open their emails. The ID approach can be substituted for the PKI approach in some cases, where some form of ideal trustable PKG exists (private networks, etc.).
This ID idea is not new, but no efficient and robust protocol was known prior to the ideas of Boneh et al. using pairings on elliptic curves. R. Dupont and A. Enge have worked on such an ID-system. They have defined a notion of security for such a protocol and have given a proof of security of a generalization of a system of Sakai, Ohgishi and Kasahara in this model.
The CESAM project is a contract of the ACI Sécurité Informatique, involving TANC and the crypto team at ENS. The goal of this project is to study cryptographic protocols involving elliptic curves, with a view towards specific environments where the resources (cpu, memory, bandwidth) are limited.
A first result has been obtained in this framework. An authenticated key exchange algorithm is designed using specific properties of elliptic curves, namely the existence of the quadratic twist that can be associated with any elliptic curve. The nice feature of our approach is that it is possible to prove the security of the protocol in the standard model, and in particular without relying on the controversial Random Oracle Model. Indeed, in key exchange protocols, the session key is usually obtained via the application of a hash function to a group element. In our case, this hash function is no longer necessary.
The curves that can be used in this protocol are not the same as the curves that are used in classical protocols, since the group orders of the curve and of its quadratic twist must both be prime. A. Enge has made use of the complex multiplication approach presented above to generate such curves. Finding curves of cryptographic size (192 bits) is a matter of seconds with his implementation. A note is in preparation.
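The curve selection criterion above (curve and quadratic twist both of prime order) can be checked directly on toy curves over a small prime field. The following is an added example, not the report's or A. Enge's code: it counts points by exhaustive Legendre-symbol summation (the report's actual curves come from complex multiplication, not from counting), builds the twist by a non-residue d, and relies on the identity #E + #E^d = 2p + 2 to get the twist's order without a second count.

```python
def legendre(n, p):
    """Legendre symbol (n/p) by Euler's criterion; p an odd prime."""
    n %= p
    if n == 0:
        return 0
    return 1 if pow(n, (p - 1) // 2, p) == 1 else -1


def curve_order(a, b, p):
    """#E(F_p) for E: y^2 = x^3 + a x + b, as p + 1 + sum_x chi(x^3 + a x + b).
    Exhaustive, so only for toy p (the report uses complex multiplication)."""
    return p + 1 + sum(legendre(x * x * x + a * x + b, p) for x in range(p))


def twist(a, b, p):
    """Quadratic twist E^d: y^2 = x^3 + a d^2 x + b d^3, d the smallest non-residue."""
    d = next(d for d in range(2, p) if legendre(d, p) == -1)
    return (a * d * d) % p, (b * d * d * d) % p


def is_prime(n):
    """Trial division; sufficient for the toy sizes used here."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True


def find_twist_secure_curve(p):
    """First nonsingular (a, b) over F_p whose curve and twist both have prime
    order, or None. Since #E + #E^d = 2p + 2, the twist order needs no count."""
    for a in range(p):
        for b in range(p):
            if (4 * a ** 3 + 27 * b ** 2) % p == 0:  # singular curve, skip
                continue
            n = curve_order(a, b, p)
            if is_prime(n) and is_prime(2 * p + 2 - n):
                return a, b
    return None


if __name__ == "__main__":
    p = 13  # constructed toy field; cryptographic sizes need 192-bit p
    a, b = find_twist_secure_curve(p)
    print(f"y^2 = x^3 + {a}x + {b} over F_{p}: #E = {curve_order(a, b, p)}, "
          f"#E^d = {curve_order(*twist(a, b, p), p)}")
```

For p = 13 the only admissible trace is t = ±3 (orders 11 and 17), and such a curve exists since every trace in the Hasse interval occurs over a prime field.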
Security in ad hoc networks
Participant : François Morain.
F. Morain and D. Augot (CODES) participate in the ACI SERAC (SEcuRity models and protocols for Ad-hoC Networks), which started in September 2004. Their interest there is to understand the (new?) cryptographic needs required and to try to invent new trust models.
It is clear that the arrival of Hipercom (also a member of SERAC) at École polytechnique will trigger new collaborations in that direction too.