Tadanori Teruya

High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves

This paper describes the design of a fast software library for the computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve. Our library is able to compute the optimal ate pairing over a 254-bit prime field Fp, in just 2.33 million of clock cycles on a single core of an Intel Core i7 2.8GHz processor, which implies that the pairing computation takes 0.832msec. We are able to achieve this performance by a careful implementation of the base field arithmetic through the usage of the customary Montgomery multiplier for prime fields. The prime field is constructed via the Barreto-Naehrig polynomial parametrization of the prime p given as, p = 36t4 + 36t3 + 24t2 + 6t + 1, with t = 262 - 254 + 244. This selection of t allows us to obtain important savings for both the Miller loop as well as the final exponentiation steps of the optimal ate pairing.

Software Implementation of an Attribute-Based Encryption Scheme

A ciphertext-policy attribute-based encryption protocol uses bilinear pairings to provide control access mechanisms, where the set of users attributes is specified by means of a linear secret sharing scheme. In this paper we present the design of a software cryptographic library that achieves record timings for the computation of a 126-bit security level attribute-based encryption scheme. We developed all the required auxiliary building blocks and compared the computational weight that each of them adds to the overall performance of this protocol. In particular, our single pairing and multi-pairing implementations achieve state-of-the-art time performance at the 126-bit security level.

Attribute Based Encryption with Direct Efficiency Tradeoff

We propose the first fully secure unbounded Attribute-Based Encryption (ABE) scheme such that the key size and ciphertext size can be directly traded off. Our proposed scheme is parameterized by a positive integer d, which can be arbitrarily chosen at setup. In our scheme, the ciphertext size is O(t/d), the private key size is O(md), and the public key size is O(d), where t, m are the sizes of attribute sets and policies corresponding to ciphertext and private key, respectively.

Constructing Symmetric Pairings over Supersingular Elliptic Curves with Embedding Degree Three

In the present paper, we propose constructing symmetric pairings by applying the Ate pairing to supersingular elliptic curves over finite fields that have large characteristics with embedding degree three. We also propose an efficient algorithm of the Ate pairing on these curves. To construct the algorithm, we apply the denominator elimination technique and the signed-binary approach to the Millers algorithm, and improve the final exponentiation. We then show the efficiency of the proposed method through an experimental implementation.

Round-Efficient Private Stable Matching from Additive Homomorphic Encryption

In the present paper, we propose private stable matching protocols to solve the stable marriage problem with the round complexity

A Note on Subgroup Security in Pairing-Based Cryptography

On^2

Faster Explicit Formulae for Computing Pairings via Elliptic Nets and Their Parallel Computation

, where n is the problem size. In the multiparty setting, the round complexity of our protocol is better than all of the existing practical protocols. We also implement our protocol on a standard personal computer, smartphones, and tablet computers for experimental performance evaluation. Our protocols are constructed by using additive homomorphic encryption only, and this construction yields improved round complexity and implementation-friendliness. To the best of our knowledge, our experiment is the first implementation report of a private stable matching protocol that has a feasible running time.

On Limitations and Alternatives of Privacy-Preserving Cryptographic Protocols for Genomic Data

The hardness of the shortest vector problem for lattices is a fundamental assumption underpinning the security of many lattice-based cryptosystems, and therefore, it is important to evaluate its difficulty. Here, recent advances in studying the hardness of problems in large-scale lattice computing have pointed to need to study the design and methodology for exploiting the performance of massive parallel computing environments. In this paper, we propose a lattice basis reduction algorithm suitable for massive parallelization. Our parallelization strategy is an extension of the Fukase–Kashiwabara algorithm (J. Information Processing, Vol. 23, No. 1, 2015). In our algorithm, given a lattice basis as input, variants of the lattice basis are generated, and then each process reduces its lattice basis; at this time, the processes cooperate and share auxiliary information with each other to accelerate lattice basis reduction. In addition, we propose a new strategy based on our evaluation function of a lattice basis in order to decrease the sum of squared lengths of orthogonal basis vectors. We applied our algorithm to problem instances from the SVP Challenge. We solved a 150-dimension problem instance in about 394 days by using large clusters, and we also solved problem instances of dimensions 134, 138, 140, 142, 144, 146, and 148. Since the previous world record is the problem of dimension 132, these results demonstrate the effectiveness of our proposal.