# Project : tanc

## Section: New Results

### Cryptographic protocols

#### Identity based cryptosystems

Participants : Régis Dupont, Andreas Enge.

Elliptic curves in cryptography have first been used to replace finite fields in protocols whose security relies on the discrete logarithm problem, essentially keeping the protocols as they are and substituting one algebraic structure for another. There are, however, new applications of elliptic curves that exploit specific additional structures that are not found in the finite field setting, for instance the Tate and Weil pairings.

It is well known that the most difficult problem in modern cryptography, and more precisely in its would-be widespread use, is the key authentication problem, or more generally that of authenticating principals on an open network. The "classical" approach to this problem is that of a *public key infrastructure* (PKI), in which some centralized or decentralized authority issues certificates for authenticating the different users. Another approach, less publicized, is that of *identity based cryptography* (ID), in which the public key of a user can be built very easily from his email address, for instance. The cryptographic burden is then put on the shoulders of the *private key generator* (PKG), which each user must contact privately to obtain his secret key and read his emails. The ID approach can be substituted for the PKI approach in some cases, namely where some form of ideal, trustable PKG exists (private networks, etc.).

This ID idea is not new, but no efficient and robust protocol was known prior to the ideas of Boneh et al. using pairings on elliptic curves. R. Dupont and A. Enge have worked on such an ID-system. They have defined a notion of security for such a protocol and have given a proof of security of a generalization of a system of Sakai, Ohgishi and Kasahara in this model [28].
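To make the division of roles concrete (PKG with a master secret, per-identity private keys, users agreeing on a key from identities alone), here is an added toy model of the Sakai-Ohgishi-Kasahara non-interactive key agreement. It is not code from the report or from the authors' system: the "pairing" is a constructed stand-in e(a, b) = G^(a*b) mod P over integer exponents, which is bilinear (so the protocol algebra goes through) but trivially invertible, so it illustrates the structure only and has no security. All parameters and identity strings are constructed.

```python
import hashlib
import secrets

# Constructed toy parameters (hypothetical; NOT a cryptographic group).
P = 2**61 - 1        # prime modulus of the "target group" <G> in Z_P^*
Q = P - 1            # exponents reduce mod P-1, so "points" are integers mod Q
G = 5                # generator stand-in for the target group


def hash_to_point(identity: str) -> int:
    """Map an identity string (e.g. an e-mail address) to a nonzero element of Z_Q.
    Stands in for the hash-to-curve map H1 of the real pairing-based scheme."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def pairing(a: int, b: int) -> int:
    """Toy bilinear map e(a, b) = G^(a*b) mod P.
    Bilinear in both arguments, but the exponents are in plain sight."""
    return pow(G, (a * b) % Q, P)


def setup() -> int:
    """PKG chooses the master secret s (the real scheme also publishes s*P)."""
    return secrets.randbelow(Q - 1) + 1


def extract(master_secret: int, identity: str) -> int:
    """PKG issues the private key d_ID = s * H1(ID), after authenticating the user
    over a private channel; this is the step that replaces certificate issuance."""
    return (master_secret * hash_to_point(identity)) % Q


def _kdf(group_element: int) -> bytes:
    return hashlib.sha256(group_element.to_bytes(8, "big")).digest()


def shared_key(my_private_key: int, peer_identity: str) -> bytes:
    """Non-interactive agreement: K = e(d_me, H1(ID_peer)) = e(H1(ID_me), H1(ID_peer))^s.
    Both users reach the same value without exchanging a single message."""
    return _kdf(pairing(my_private_key, hash_to_point(peer_identity)))


def escrow_key(master_secret: int, id_a: str, id_b: str) -> bytes:
    """Key escrow: the PKG, holding s, can recompute any pair's key. This is why
    the approach needs an 'ideal trustable PKG' and suits closed networks."""
    k = pow(pairing(hash_to_point(id_a), hash_to_point(id_b)), master_secret, P)
    return _kdf(k)


if __name__ == "__main__":
    s = setup()
    alice, bob = "alice@example.org", "bob@example.org"   # constructed identities
    d_alice, d_bob = extract(s, alice), extract(s, bob)
    assert shared_key(d_alice, bob) == shared_key(d_bob, alice)
    assert shared_key(d_alice, bob) == escrow_key(s, alice, bob)
    print("Alice and Bob agree on a key; the PKG can derive it too.")
```

Two properties are worth checking on the model: the two users derive identical keys from their private key and the peer's identity string alone, and the PKG can recompute every pair's key, which is the trust assumption the report attaches to the ID approach.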

#### CESAM

Participants : Andreas Enge, Pierrick Gaudry.

The CESAM project is a contract of the ACI Sécurité Informatique, involving TANC and the crypto team at ENS. The goal of this project is to study cryptographic protocols involving elliptic curves, with a view towards specific environments where resources (CPU, memory, bandwidth) are limited.

A first result has been obtained in this framework [26]. An
authenticated key exchange algorithm is designed using specific
properties of elliptic curves, namely the existence of the *quadratic twist* that we can associate to any elliptic curve. The nice
feature of our approach is that it is possible to prove the security
of the protocol in the standard model, and in particular without
relying on the controversial Random Oracle Model. Indeed, in key
exchange protocols, the session key is usually obtained via the
application of a hash function to a group element. In our case, this
hash function is no longer necessary.

The curves that can be used in this protocol are not the same as the curves used in classical protocols, since the group orders of the curve and of its quadratic twist must both be prime. A. Enge has made use of the complex multiplication approach presented above to generate such curves. Finding curves of cryptographic size (192 bits) is a matter of seconds with his implementation. A note is in preparation.
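The curve-selection condition above can be checked directly on small examples. The following added code (constructed for this page, not A. Enge's implementation, which uses complex multiplication for 192-bit curves) counts the points of E: y^2 = x^3 + ax + b over F_p and of its quadratic twist E': y^2 = x^3 + a d^2 x + b d^3 (d a quadratic non-residue) by brute force, verifies the identity #E + #E' = 2p + 2 that ties the two orders together, and reports the (a, b) for which both orders are prime. It is only usable for tiny p; the parameters are constructed.

```python
def legendre(a: int, p: int) -> int:
    """Euler's criterion: 0 if p | a, 1 if a is a nonzero square mod p, p-1 otherwise."""
    return pow(a % p, (p - 1) // 2, p)


def count_points(a: int, b: int, p: int) -> int:
    """#E(F_p) for y^2 = x^3 + a x + b, counting the point at infinity (p > 3)."""
    n = 1
    for x in range(p):
        rhs = (x**3 + a * x + b) % p
        if rhs == 0:
            n += 1                      # one point (x, 0)
        elif legendre(rhs, p) == 1:
            n += 2                      # two points (x, +-y)
    return n


def non_residue(p: int) -> int:
    """Smallest quadratic non-residue modulo the odd prime p."""
    for d in range(2, p):
        if legendre(d, p) == p - 1:
            return d
    raise ValueError("no non-residue: p is not an odd prime")


def twist(a: int, b: int, p: int) -> tuple:
    """Coefficients of the quadratic twist E': y^2 = x^3 + a d^2 x + b d^3,
    which is isomorphic over F_p to d y^2 = x^3 + a x + b."""
    d = non_residue(p)
    return (a * d * d) % p, (b * d**3) % p


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    k = 2
    while k * k <= n:
        if n % k == 0:
            return False
        k += 1
    return True


def curve_orders(a: int, b: int, p: int) -> tuple:
    """(#E, #E') for a nonsingular curve; raises ValueError on a singular curve."""
    if p <= 3 or (4 * a**3 + 27 * b**2) % p == 0:
        raise ValueError("singular curve or unsupported characteristic")
    n = count_points(a, b, p)
    a2, b2 = twist(a, b, p)
    m = count_points(a2, b2, p)
    # for every x, E and E' together contribute exactly two affine points
    assert n + m == 2 * p + 2
    return n, m


def is_twin_prime_curve(a: int, b: int, p: int) -> bool:
    """True when both the curve and its twist have prime group order."""
    try:
        n, m = curve_orders(a, b, p)
    except ValueError:
        return False
    return is_prime(n) and is_prime(m)


def find_twin_prime_curves(p: int) -> list:
    """All (a, b, #E, #E') over F_p for which both orders are prime (brute force)."""
    found = []
    for a in range(p):
        for b in range(p):
            if is_twin_prime_curve(a, b, p):
                n, m = curve_orders(a, b, p)
                found.append((a, b, n, m))
    return found


if __name__ == "__main__":
    for p in (5, 7, 11, 13):            # constructed tiny primes
        print(p, find_twin_prime_curves(p))
```

Over F_5, for instance, y^2 = x^3 + 2x + 1 has 7 points and its twist has 5, so this pair qualifies, whereas y^2 = x^3 + x + 1 has 9 points and is rejected. The identity #E + #E' = 2p + 2 also shows why such "twin prime" curves are rare: both p + 1 + t and p + 1 - t must be prime, which the complex multiplication method addresses by choosing the trace t rather than searching at random.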

#### Security in *ad hoc* networks

Participant : François Morain.

F. Morain and D. Augot (CODES) participate in the ACI SERAC (SEcuRity models and protocols for Ad-hoC Networks), which started in September 2004. Their interest there is to understand which (possibly new) cryptographic primitives such networks require and to try to invent new trust models.

It is clear that the arrival of Hipercom (also a member of SERAC) at École polytechnique will trigger new collaborations in that direction too.