Questions tagged as ['pairings']

Pairing-based cryptography uses bilinear maps to create a gap group that allows efficient constructions of certain primitives.
Score: 0
'NIZK arguments for quadratic arithmetic programs' of '[Groth16] On the Size of Pairing-based Non-interactive Arguments'

I wonder about the CRS of NIZK argument.

I think [A]$$_1$$, [B]$$_2$$, [C]$$_1$$ is calculated using CRS. Instead of calculating A, B, C first and then calculating [A]$$_1$$, [C]$$_1$$, [B]$$_2$$.

1. May I know if this is correct?

If it is correct, in order to calculate [C]$$_1$$, I think [B]$$_1$$ is also needed.

1. Is it correct that we need to calculate both [B]$$_1$$ and [B]$$_2$$?

And I marked curious parts with  ...

Score: 0
How to get the generator of composite order group in JPBC?

I have read some code, the generator of the additive group of prime order is easy to get because every element in the group is a generator.So in JPBC I just need to randomly generate elements as generators.But this method is not valid in composite order groups because the elements in composite order groups are not all generators.So how to get the generator of composite order group in JPBC?

Score: 2
Why is the set of r-torsion points isomorphic to $\mathbb{Z}_r \times \mathbb{Z}_r$

It states that $$E(\mathbb{F}_{k^q})[r]$$ is isomorphic to the product of $$\mathbb{Z}_r$$ with itself. $$E(\mathbb{F}_{k^q})[r]$$ is the set of $$r$$-torsion points, which means all points, $$P$$ where $$rP = O$$ (I think).

Ok. Let's test this with $$r = 2$$. We know, the 4 solutions are: $$\{O, (a_0, 0), (a_1, 0), (a_2, 0)\}$$ where $$a_n$$ is t ...

Score: 1
Norm() of bilinear pairing

Consider two points P, Q over a pairing friendly elliptic curve $$E[F_q]$$, e.g., BN254. Let Z = e(P, Q). It is known that $$Z \in F_{q^k}$$ where $$k$$ is the embedding degree. The norm map N(Z) is defined as $$\prod_{0\leq i\leq k-1} Z^{q^i}$$. We observed that for BN254, N(Z) is always the 1 in $$F_p$$.

Is that the case for all pairing friendly groups?

Score: 2
How to have a hash function that maps any binary string of size n to binary string of size n?

I am implementing certificateless cryptography from this research paper in python language. Essentially, I want to have the following hash function mapping. This hash function is mentioned in the setup algorithm in section 2.4 of the paper. Here n is the bit-length of plaintexts. \begin{align} H_4: \{0, 1\}^n\to\{0, 1\}^n\\ \end{align} Is there any inbuilt hash function in hashlib python libra ...

Score: 1
What is a function on a Line or a Curve?

I am reading up on Pairings using Elliptic curves & all the texts talk about functions on a Curve.

I am finding it difficult to even figure out what they mean by "function on a curve" or "function on a line"

The equation of a line or a curve itself is in the form of a function, but I am unable to figure what is "function on a curve" or "function on a line".

Some examples.

In Mathematical Cryptography  ...

Score: 2
Size of group elements in a bilinear context

In a asymetric pairing context, which size (in bits) should have the elements of $$\mathbb{G}_1,\mathbb{G}_2$$ and $$\mathbb{G}_T$$ if we consider the most efficient elliptic curves?

Score: 2
How to have a hash function that maps from a group element to a binary string of a certain size in charm-crypto?

I am facing a problem in programming with the charm-crypto library. The hash functions for pairing group elements in charm-crypto can only map from a string to a specific field: $$\mathbb Z_r$$, $$G_1$$ or $$G_2$$.

Examples: \begin{align} H_1: \{0, 1\}^*\to\ &G_1\\ H_2: \{0, 1\}^*\to\ &Z_r\\ H_3: \{0, 1\}^*\to\ &G_2\\ \end{align}

I am implementing a certificateless public key encryption  ...

Score: 1
Developments in ABE using Pairings

What are the recent developments in Attribute-Based Encryption (ABE) using Pairings assumptions?

Is pairings the most viable assumption while designing ABE. What other assumptions are used for ABE schemes and are there any advantages it gives over pairings assumption?

Score: 1
Multiplication of pairings vs. exponentiation of the group elements

Assume that we have a pairing as $$e:G_1\times G_2\rightarrow G_T$$. such that $$g_1$$ and $$g_2$$ are the generator of $$G_1$$ and $$G_2$$ respectively. In a protocol I have $$A=\prod_{i=1}^n e(H(i),pk_i)$$ where $$H(i)\in G_1$$ and its discrete-logarithm is unknown (since it is a random oracle) and $$pk_i\in G_2$$. I can design another protocol such that I can compute my target value $$A$$ in another way i.e., $$A=e( ...$$

Score: 0
issues understanding some basic points about identity based encryption

I've been trying to understand an article (https://ieeexplore.ieee.org/document/8538446) about using blockchain to overcome identity based encryption (ibe) drawbacks. My purpose is to be able to code the method explained in the article at the end BUT i have big issues understanding the math behind the identity based encryption, here are my questions.

1- How are groups generated ( chosen ) in ibe ?

...

Score: 1
What's the difference between Optimal ate pairing and R-ate pairing?

I compare the algorithm description of Optimal ate pairing and R-ate pairing, it turns out to me that the formulas are the same. So I'm a little confused, what's the difference between them? or is it just I misunderstand? Thanks very much.

ref: Beuchat J L, González-Díaz J E, Mitsunari S, et al. High-speed software implementation of the optimal ate pairing over Barreto–Naehrig curves[C]//Internationa ...

Score: 5
Pairing-friendly curve whose group order is a safe prime

Are there any pairing-friendly curves whose group order is a safe prime?

That is: the order of the group is $$2q + 1$$ for some prime number $$q$$.

Or, is it impossible to have such groups?

Score: 1
Chaining a smaller group inside the pairing friendly group

Let's say there is a bilinear pairing $$G \times G \rightarrow G_t$$ (e.g., for bn128), and let prime $$q$$ be the order of $$G$$. Is it possible to find a prime order group over integers such that its order $$p | q-1$$ (that is $$q$$ is used as the modulus for the "smaller" group)? I checked the order of bn128 and bs381 groups, it seems that the $$q-1$$ has no large prime factors.

Score: 1
Can we instantiate VRF without using pairing?

As my survey, most of(I am not sure if it is "all") the constructions of VRF are instantiated with the use of pairing. Can we construct a VRF without using pairing?