Noninteractive Verifiable Outsourcing Algorithm for Bilinear Pairing with Improved Checkability

Ren, Yanli; Dong, Min; Niu, Zhihua; Du, Xiaoni

doi:https://doi.org/10.1155/2017/4892814

Security and Communication Networks

On this page

Abstract Introduction Applications Conclusions Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Multimedia Security: Novel Steganography and Privacy Preserving

View this Special Issue

Research Article | Open Access

Volume 2017 | Article ID 4892814 | https://doi.org/10.1155/2017/4892814

Noninteractive Verifiable Outsourcing Algorithm for Bilinear Pairing with Improved Checkability

Yanli Ren,¹Min Dong,¹Zhihua Niu,²and Xiaoni Du³

Academic Editor: Rémi Cogranne

Received19 Jun 2017

Revised27 Aug 2017

Accepted06 Sept 2017

Published15 Oct 2017

Abstract

It is well known that the computation of bilinear pairing is the most expensive operation in pairing-based cryptography. In this paper, we propose a noninteractive verifiable outsourcing algorithm of bilinear pairing based on two servers in the one-malicious model. The outsourcer need not execute any expensive operation, such as scalar multiplication and modular exponentiation. Moreover, the outsourcer could detect any failure with a probability close to 1 if one of the servers misbehaves. Therefore, the proposed algorithm improves checkability and decreases communication cost compared with the previous ones. Finally, we utilize the proposed algorithm as a subroutine to achieve an anonymous identity-based encryption (AIBE) scheme with outsourced decryption and an identity-based signature (IBS) scheme with outsourced verification.

1. Introduction

Outsourcing computation has received widespread attention with the development of cloud computing and the proliferation of mobile devices [1]. Despite of the huge benefits, it also encounters some security concerns and challenges. Firstly, the computation tasks often include some private information that should not be disclosed to the cloud servers, since the servers are not fully trusted. Secondly, the cloud servers may return an invalid result, but the outsourcer fails to detect the error [1]. Therefore, two main security challenges of the outsourcing computation are privacy and checkability: () the cloud servers cannot learn anything about the private inputs and the outputs of the computation outsourced to them; () the outsourcer can detect any failure if the cloud servers return a wrong computation result.

Verifiable computation (VC) allows a client with limited computation capability to outsource evaluation of a function on some inputs to a powerful but semitrusted server [2, 3]. The client in this model first executes a lot of off-line computation and encrypts the function which will be evaluated and then sends the encrypted function to the server. The server then performs the computation on the encoded function and responds with a result and a proof that the result is correct. Finally, the client verifies whether the computation has been carried out honestly based on the server’s proof. During the whole process, the computation cost of the client is less than computing the function directly itself.

Our Contributions. In this paper, we propose a noninteractive verifiable outsourcing algorithm of bilinear pairing in the one-malicious model of two untrusted servers, which improves the checkability of the outsourcer without any interactive operation between the outsourcer and the server. In the proposed algorithm, the outsourcer could detect any failure with a probability close to 1 if one of the servers returns the false result. The proposed algorithm improves the checkability at the expense of only a little efficiency when compared with previous algorithms. Finally, we utilize the proposed algorithm as a subroutine to achieve an AIBE scheme with outsourced decryption and an IBS scheme with outsourced verification.

1.1. Related Works

In the cryptographic community, outsourcing expensive operations to a semitrusted device is widely studied. Chaum and Pedersen [4] introduced the concept of “wallets with observers” that allows installing a piece of hardware on the client’s device to execute some operations for each transaction. Hohenberger and Lysyanskaya formalized this model [5] and presented algorithms for the computation of modular exponentiations (MExps) based on two noncolluding servers. Further, Chen et al. [1] proposed a new outsourcing algorithm for MExps with improved efficiency and checkability based on the same model as [5]. However, it is still possible for the outsourcer to be cheated by the server. Ren et al. then constructed a verifiable outsourcing scheme of MExps, where the outsourcer can detect the error with a probability of 1 if the server misbehaves [6]. Lai et al. [7] proposed an attribute-based encryption (ABE) scheme with verifiable outsourcing decryption, which guaranteed that an outsourcer can efficiently detect the wrong results. Qin et al. [8] then proposed new ABE scheme with outsourced decryption, where the outsourcer could verify the outsourcing results with a high efficiency at the expense of minimal overhead. Chen et al. first considered the problem of outsourcing computation in attribute-based signature (ABS) schemes and delegated the verification of signature to an untrusted server [9]. Yu et al. [10] proposed a secure and efficient cloud storage auditing scheme with verifiable outsourcing of key updates. The process of key updates is outsourced to the third party auditor (TPA), and the TPA only knows the encrypted secret key. Meanwhile, the outsourcer could verify the effectiveness of encrypted secret keys when uploading new files to the cloud server. Also, Wang et al. [11] proposed a privacy-preserving public auditing system for data storage security and extended it to handle the problem of multiple auditing, where the TPA could learn nothing about data and the integrity of data could be verified publicly. Other works target specific classes of functions, such as revocable identity-based encryption [12], solution of linear equations [13], and image features extraction [14].

In recent years, bilinear pairings have various applications in constructing new cryptographic primitive, for example, identity-based encryption [15], short signature [16], and key agreement protocol [17]. In pairing-based cryptography, the computation of bilinear pairing is the most expensive operation and it has important effects on efficiency of these schemes or protocols. Thus, a lot of research work has been done to compute bilinear pairing efficiently [18, 19].

Chevallier-Mames et al. [20] presented the first algorithm for secure outsourcing of bilinear pairings based on an untrusted server, where the outsourcer could detect any failure with probability of 1 if the server returns an incorrect result. However, the outsourcer must execute some other expensive operations such as scalar multiplications and modular exponentiations, where these computations are even comparable to those of bilinear pairings in some scenarios [19, 21]. Subsequently, other works on delegation of bilinear pairings [22, 23] also suffer from the same problems. Chen et al. proposed the first efficient outsourcing algorithm of bilinear pairing in the one-malicious version of two untrusted program models [24], where the outsourcer only carried out 5 point additions and 4 multiplications without any expensive operations, which is suitable for the computation-limited client. However, the checkability of the algorithm in [24] is only 1/2, and the outsourcer may accept a false result returned by a malicious server with probability of 1/2. Tian et al. presented two outsourcing algorithms of bilinear pairing based on two servers [25]. One is more efficient than the algorithm of [24], and the outsourcer needs to execute 4 point additions and 3 multiplications with the same checkability. The other algorithm is more flexible based on two untrusted servers with improved checkability. As we know, it is also possible for the outsourcer to be cheated by the server and the error cannot be detected successfully. Recently, Ren et al. presented a new outsourcing algorithm of bilinear pairing, which improves the checkability of the outsourcer to 1, and it is impossible for the server to cheat the outsourcer to accept a false outsourcing result [26]. However, it needs two interactive rounds between the outsourcer and the server and increases the communication cost, though the checkability is improved to 1.

1.2. Organization

The rest of this paper is organized as follows. In Section 2, we introduce the definition of bilinear pairing and security model of the outsourcing scheme. A noninteractive verifiable outsourcing algorithm of bilinear pairing is presented and its security analysis is given in Section 3. In Section 4, we introduce two applications of the proposed outsourcing scheme: an AIBE scheme with outsourced decryption and an IBS scheme with outsourced verification. The performance evaluation of the proposed scheme is presented in Section 5. In Section 6, we conclude the paper.

2. Definitions

In this section, we introduce the properties of bilinear pairings, security definition, and model of the proposed outsourcing algorithms.

2.1. Bilinear Pairings

Let be a large prime, are two cyclic addition groups of order , and is a cyclic multiplicative group of order . are generators of , respectively. is a bilinear map with the following properties [15, 16, 21]:1.Bilinear: for any , and 2.Nondegenerate: there exist such that 3.Computable: there is an efficient algorithm to compute for any

The bilinear map and the bilinear pairing can be realized by supersingular elliptic curves or hyperelliptic curves over finite groups and Weil or Tate pairings, respectively [15, 16, 21].

2.2. Security Definition and Model

Now we review the formal security definition of an outsourcing algorithm introduced by [5]. An algorithm Alg includes a trusted part and an untrusted program , and denotes the works carried out by invoking . An adversary is simulated by a pair of algorithms , where denotes the adversarial environment that submits adversarial inputs for Alg and represents adversarial software written by . As described in [5], we assume that the two adversaries can only make direct communication before the execution of , and, in other cases, they can only communicate with each other by passing messages through the outsourcer .

Definition 1 (algorithm with outsource I/O). An algorithm Alg takes five inputs and generates three outputs. The first three inputs are chosen by an honest party, and the last two inputs are generated by the environment . The first input is honest and secret, which is unknown for both and ; the second is honest and protected, which may be public for but is private for ; the third is honest and unprotected, which may be public for both and ; the fourth is adversarial and protected, which is public for but is protected from ; and the last one is adversarial and unprotected, which is public for and . Similarly, the first output is secret, which is protected from and ; the second is protected, which may be public for but not ; and the third is unprotected, which may be public for both and .
The following security definition ensures that both and cannot obtain any information about the private inputs and outputs of , even if uses the malicious software written by .

Definition 2 (outsource-security). Let Alg be an algorithm with outsource I/O. is called an outsource-secure implementation of Alg if the following conditions hold:

() Correctness: is a correct implementation of Alg

() Security: for all probabilistic polynomial-time (PPT) adversaries , there exist two PPT simulators such that the following pairs of random variables are computationally indistinguishable

Pair One. , which means that the malicious environment cannot gain anything interesting about the private inputs and outputs during the execution of . The detailed definitions of the real process and the ideal process are omitted because of limited space; please see [5] for the details.

Pair Two. , which means that the untrusted software written by learns nothing about the inputs and outputs during the execution of . Please also see [5] for the detailed definitions.

Assume that is a correct implementation of Alg; we have the following definitions.

Definition 3 (-efficient, secure outsourcing). A pair of algorithms are -efficient if the running time of is not more than an -multiplicative factor of that of Alg for any input .

Definition 4 (-checkable, secure outsourcing). A pair of algorithms are -checkable if detects any deviation of from its advertised functionality during the implementation of with probability not less than for any input .

Definition 5 (-outsource-security). A pair of algorithms are called an -outsource-secure implementation of Alg if they are both -efficient and -checkable.
The proposed algorithms are executed based on two untrusted program models introduced by [5]. In this model, the adversarial environment writes two programs , and installs these programs in a manner such that all subsequent communication between any two of , , and must pass through . The new adversary attacking is . We assume that at most one of the programs misbehaves, but we do not know which one. It is named as the one-malicious version of two untrusted models. In the real world, it is equivalent to buying two copies of the untrusted software from different vendors and achieving the outsource security as long as one of them is honest [1].

3. Verifiable Secure Outsourcing of Bilinear Pairing

As [5], a subroutine named Rand is used to speed up the computations. The inputs for Rand are a prime , two cyclic addition groups of order , and a bilinear map , where is a cyclic multiplicative group of order and the output for each invocation is a random, independent vector of the following form:where , and is a small number.

We can use the table-lookup method to implement this functionality. First, a trusted server computes a table of random, independent vectors in advance and then stores it into the memory of . For each invocation of i, needs to retrieves a new vector in the table.

3.1. Verifiable Outsourcing Algorithm

We propose a noninteractive verifiable outsourcing algorithm NIVBP for bilinear pairing in the one-malicious model. In NIVBP algorithm, outsources its bilinear pairing computations to and by invoking the subroutine Rand. A requirement for NIVBP is that the adversary cannot know any useful information about the inputs and outputs of NIVBP.

Let be a large prime. The input of NIVBP is and , and the output is . and are both computationally blinded to and . The proposed NIVBP algorithm is described as follows: (1) firstly runs Rand one time to create a blinding vector as (1). (2) queries in random order as follows: Similarly, queries in random order as follows: (3) verifies whether and generate the correct outputs, which means that (4)–(6) hold. (a) (b) (c) If not, outputs “error”; otherwise, outputs

Correctness. It is obvious that formula (4) holds if two servers are all honest. In addition,

Therefore, formulas (4)–(6) hold according to the above analysis. Finally, obtains as (8).

Remark 6. If one of the servers is dishonest, the results could be verified successfully with a probability close to 1 except that the dishonest server knows the values of (or ) and . As we know, five queries sent to and are submitted in random order and . So, the dishonest server could guess the values of (or ) and with the probabilities of and , respectively. Therefore, the checkability of the NIVBP algorithm is

Remark 7. The proposed algorithm NIVBP is also applicative in the condition where are two cyclic multiplication groups. Let be generators of , respectively. is a bilinear map. In this case, the inputs of NIVBP are also and , and the output is also . The details are also omitted because of limited space.

3.2. Security Analysis

Theorem 8. In the one-malicious model, the proposed algorithm is an outsource-secure implementation of NIVBP, where the input may be honest and secret or honest and protected or adversarial and protected.

Proof. Let be a PPT adversary that interacts with a PPT algorithm in the one-malicious model.
First, we prove that , which means that the environment learns nothing during the execution of . If the input is honest and protected or adversarial and protected, it is obvious that the simulator behaves the same as in the real execution. Therefore, we only need to prove the case where is an honest, secret input.
So, suppose that is an honest, secret input. The simulator in the ideal experiment behaves as follows. On receiving the input on round , ignores it and instead makes five random queries of the form to both and Finally, randomly checks one output from each program. If an error is detected, saves all states and outputs = “error,” , and thus the final output for ideal process is (, “error,” ). If no error is detected, checks the remaining four outputs. If all checks pass, outputs ; that is, the final output for ideal process is ; otherwise, selects a random element and outputs , and the output for ideal process is .

In addition, we need to show that the inputs to in the real experiment are computationally indistinguishable from those in the ideal one. In the ideal experiment, the inputs are selected uniformly at random. In the real one, each part of all five queries that makes to any program is generated by invoking the subroutine Rand and thus is computationally indistinguishable from random numbers. Therefore, we consider three possible conditions. If both are honest in round , , since the outputs of NIVBP are not replaced and ; if one of is dishonest in round , the fault must be detected by both and with a probability close to 1, resulting in an output of “error”; otherwise, the output of NIVBP is corrupted with a probability of . In the real experiment, the five outputs generated by are multiplied together along with a random value. Thus, even when one of misbehaves, so we conclude that .

Second, we prove that , which means that the untrusted software learns nothing during the execution of . In the ideal experiment, the simulator always behaves as follows: when receiving the input on round , ignores it but submits five random queries of the form to and . Then saves its states and those of . Since the honest, secret or honest, protected or adversarial, protected inputs are all private for , the simulator is applicable to all those conditions. As shown in Pair One, the inputs to in the real experiment are computationally indistinguishable from those in the ideal one randomly chosen by . Thus, for each round , and so .

Theorem 9. In the one-malicious model, the proposed algorithm in Section 3.1 is verifiable; that is, the outsourcer can test the error with a probability close to 1 if one of the servers outputs the false result.

Proof. Assume that is an honest server and is a malicious server. At the end of the algorithm, the outsourcer verifies the results by formulas (4)–(6). It is obvious that must generate the correct value of ; otherwise, formula (4) cannot pass the verification with a probability of 1. Thus, the only possibility of cheating is returning the false value of , which is denoted by , respectively.
Assume that could pass the verification of formulas (5) and (6); that is, which means thatSince is an honest server, must be correct. In addition, are generated randomly by Rand subroutine, and so these values must be true. Thus, the values of and should be true even if are incorrect; otherwise, they could not pass the verification of formulas (5) and (6).
In order to obtain the true values of and , must guess the values of , and . As shown in Section 3.1, the probabilities of guessing the true values of and are and , respectively. Therefore, the outsourcer can test the error with a probability of .

Theorem 10. In the one-malicious model, the proposed algorithm is an -outsource-secure implementation of NIVBP, where is a small positive integer and is the bit length of and is the order of .

Proof. The proposed algorithm NIVBP makes one call to Rand and 8 point additions (PA) in or and multiplication in in order to compute . As shown in [24], it takes roughly multiplications in resulting finite field to compute the bilinear pairing, where is the bit length of . Thus, the proposed algorithm is an -efficient implementation of NIVBP. On the other hand, it must be detected with a probability close to 1 if or fails during any execution of NIVBP from Theorem 9.

3.3. Comparison

We compare the outsourcing algorithms for bilinear pairing with input privacy in Table 1, where is a small positive integer and “PA” and “M” denote the operation of point addition in or and multiplication in , respectively.

From Table 1, we conclude that the NIVBP algorithm increases checkability of the outsourcer, though a little computation cost is appended compared with Pair and TZR1 algorithms. In addition, the NIVBP algorithm improves computation efficiency and checkability of the outsourcer simultaneously compared with TZR2 algorithm for the same parameter: . The efficiency and checkability of the NIVBP algorithm are nearly the same as those of VBP algorithm, but it decreases the communication cost, since it is noninteractive while the VBP algorithm is interactive. Therefore, the NIVBP algorithm increases checkability and decreases communication cost of the outsourcer, although a little computation cost is appended.

4. Applications

In this section, we introduce two applications of the proposed NIVBP algorithm: anonymous identity-based encryption (AIBE) scheme [27] and identity-based signature (IBS) scheme [28].

Let be three cyclic multiplication groups of order , and let be generators of , respectively. is a bilinear map. In the following schemes, .

4.1. Boyen-Waters AIBE Scheme with Outsourcing Decryption

The proposed outsource-secure AIBE scheme consists of the following algorithms.

Setup. It chooses a random generator , random group elements , and random exponents . The master key , , and the public parameters are as follows:

Extract (MSK, ID). To issue a private key for identity ID, it chooses two random exponents and computes the private key as follows:

Encrypt (PK, ID, M). To encrypt a message for an identity ID, it chooses random and creates the ciphertext as follows:

Decrypt (PK, ID, CT). The outsourcer executes the NIVBP algorithm for five times and obtainsand then computes .

4.2. Paterson-Schuldt IBS Scheme with Outsourcing Verification

The detailed scheme is shown as follows.

Setup. It picks , and computes . Further, choose and vectors , of length and , respectively, where are random elements from . The public parameters are and the master secret key is .

Extract. Let be a bit string of length representing an identity and let be the -th bit of . Set as the set of index such that . To construct the private key of the identity , pick and compute

Sign. Let be the set of index such that , where is a message and is the -th bit of . To generate a signature for the message , randomly choose and compute

Verify. Given a signature of an identity for a message , the outsourcer executes the NIVBP algorithm and obtains And verify

It is obvious that the two outsourcing schemes are verifiable and secure, since the NIVBP algorithm is verifiable with input privacy as described in Section 3.

5. Performance Evaluation

In this section, we provide an experimental evaluation of the proposed outsourcing algorithms. Our experiment is simulated on two machines with Intel Xeon Processor running at 3.4 GHz with 32 G memory (cloud server) and Intel Celeron Processor running at 1.2 GHz with 2 G memory (the outsourcer), respectively. The programming language is Java, using Java Pairing-Based Cryptography (JPBC) Library. The parameter is a 160-bit prime that is randomly generated.

In Figure 1, we provide the simulation of NIVBP algorithm, which means that the fault can be found with a probability close to 1 if one of the servers misbehaves. It is obvious that the time cost for the outsourcer is much smaller than that for directly computing bilinear pairing, since a number of computations have been delegated to two servers. Therefore, the proposed NIVBP algorithm is the implementation of secure and verifiable outsourcing for bilinear pairing.

In Figure 2, we compare the evaluation times of the outsourcing algorithms for bilinear pairing proposed in [24–26] and this paper, respectively. From Figure 2, we conclude that, for the outsourcer , the NIVBP algorithm is superior to TZR2 algorithm in efficiency, and it appends small computation cost to improve the checkability compared with Pair and TZR1 algorithms. In addition, the NIVBP algorithm is nearly the same as VBP algorithm in efficiency, but it is noninteractive and decreases the communication cost of the outsourcer. Thus, the proposed NIVBP algorithm improves the checkability and decreases communication cost for the outsourcer simultaneously based on two servers in the one-malicious model.

6. Conclusions

In this paper, we propose a noninteractive verifiable outsource-secure algorithm for bilinear pairing. The security model of our proposed algorithm is based on two noncolluding servers, and the outsourcer can detect any failure with a probability close to 1 if one of the servers misbehaves. Compared with the previous ones, the proposed algorithm improves the checkability and communication efficiency simultaneously for the outsourcer.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The work described in this paper was supported by the National Natural Science Foundation of China (Grant no. 61572309), Natural Science Foundation of Shanghai (no. 16ZR1411200), and Program for New Century Excellent Talents in University (NCET-12-0620).

References

X. F. Chen, J. Li, J. Ma, Q. Tang, and W. Lou, “New algorithms for secure outsourcing of modular exponentiations,” IEEE Transactions On Parallel And Distributed Systems, vol. 25, no. 9, pp. 2386–2396, 2014.
View at: Publisher Site | Google Scholar
R. Gennaro, C. Gentry, and B. Parno, “Non-interactive verifiable computing: outsourcing computation to untrusted workers,” in Advances in cryptology---CRYPTO 2010, vol. 6223 of Lecture Notes in Comput. Sci., pp. 465–482, Springer, Berlin, Germany, 2010.
View at: Publisher Site | Google Scholar | MathSciNet
K.-M. Chung, Y. Kalai, and S. Vadhan, “Improved delegation of computation using fully homomorphic encryption,” in Advances in cryptology---CRYPTO 2010, vol. 6223 of Lecture Notes in Comput. Sci., pp. 483–501, Springer, Berlin, Germany, 2010.
View at: Publisher Site | Google Scholar | MathSciNet
D. Chaum and T. Pedersen, “Wallet databases with observers,” in Advances in Cryptology—CRYPTO’ 92, vol. 740 of Lecture Notes in Computer Science, pp. 89–105, Springer, Berlin, Germany, 1993.
View at: Publisher Site | Google Scholar
S. Hohenberger and A. Lysyanskaya, “How to securely outsource cryptographic computations,” in Proceedings of the TCC 2005, vol. 3378 of Lecture Notes in Computer Science, pp. 264–282, Springer.
View at: Publisher Site | Google Scholar | MathSciNet
Y. Ren, N. Dingy, X. Zhang, H. Lu, and D. Gu, “Verifiable outsourcing algorithms for modular exponentiations with improved checkability,” in Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 293–303, ACM, June 2016.
View at: Publisher Site | Google Scholar
J.-Z. Lai, R. H. Deng, C. Guan, and J. Weng, “Attribute-based encryption with verifiable outsourced decryption,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 8, pp. 1343–1354, 2013.
View at: Publisher Site | Google Scholar
B. Qin, R. H. Deng, S. Liu, and S. Ma, “Attribute-based encryption with efficient verifiable outsourced decryption,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 7, pp. 1384–1393, 2015.
View at: Publisher Site | Google Scholar
X. Chen, J. Li, X. Huang, J. Li, Y. Xiang, and D. S. Wong, “Secure outsourced attribute-based signatures,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 12, pp. 3284–3294, 2014.
View at: Publisher Site | Google Scholar
J. Yu, K. Ren, and C. Wang, “Enabling cloud storage auditing with verifiable outsourcing of key updates,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 6, pp. 1362–1375, 2016.
View at: Publisher Site | Google Scholar
C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for data storage security in cloud computing,” in Proceedings of the IEEE INFO-COM, pp. 525–533, San Diego, Calif, USA, March 2010.
View at: Publisher Site | Google Scholar
Y. Ren, N. Ding, X. Zhang, H. Lu, and D. Gu, “Identity-based encryption with verifiable outsourced revocation,” Computer Journal, vol. 59, no. 11, pp. 1659–1668, 2016.
View at: Publisher Site | Google Scholar
X. Chen, X. Huang, J. Li, J. Ma, W. Lou, and D. S. Wong, “New algorithms for secure outsourcing of large-scale systems of linear equations,” IEEE Transactions on Information and Forensics Security, vol. 10, no. 1, pp. 69–78, 2015.
View at: Publisher Site | Google Scholar
Y. Ren, X. Zhang, G. Feng, Z. Qian, and F. Li, “How to Extract Image Features based on Co-occurrence Matrix Securely and Efficiently in Cloud Computing,” IEEE Transactions on Cloud Computing, 2017.
View at: Publisher Site | Google Scholar
D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” in Advances in Cryptology---CRYPTO 2001, vol. 2139 of Lecture Notes in Computer Science, pp. 213–229, Springer, Berlin, Germany, 2001.
View at: Publisher Site | Google Scholar | MathSciNet
J. C. Cha and J. H. Cheon, “An identity-based signature from gap Diffie-Hellman groups,” in Proceedings of the PKC, vol. 2567 of Lecture Notes in Computer Science, pp. 18–30, Springer.
View at: Publisher Site | Google Scholar | MathSciNet
A. Joux, “A one round protocol for tripartite Diffie-Hellman,” in Proceedings of the ANTS, vol. 1838 of Lecture Notes in Computer Science, pp. 385–393, Springer, 2000.
View at: Publisher Site | Google Scholar | MathSciNet
M. Scott, N. Costigan, and W. Abdulwahab, “Implementing cryptographic pairings on smartcards,” in Proceedings of the CHES, vol. 4249 of LNCS, pp. 134–147, 2006.
View at: Google Scholar
P. S. Barreto, S. D. Galbraith, C. Heigeartaigh, and M. Scott, “Efficient pairing computation on supersingular abelian varieties,” Designs, Codes and Cryptography, vol. 42, no. 3, pp. 239–271, 2007.
View at: Publisher Site | Google Scholar | MathSciNet
B. Chevallier-Mames, J.-S. Coron, N. McCullagh, D. Naccache, and M. Scott, “Secure delegation of elliptic-curve pairing,” in Proceedings of the CARDIS 2010, vol. 6035 of LNCS, pp. 24–35, 2010.
View at: Publisher Site | Google Scholar
S. D. Galbraith, K. G. Paterson, and N. . Smart, “Pairings for cryptographers,” Discrete Applied Mathematics, vol. 156, no. 16, pp. 3113–3121, 2008.
View at: Publisher Site | Google Scholar | MathSciNet
P. Tsang, S. Chow, and S. Smith, “Batch pairing delegation,” in Proceedings of the IWSEC 2007, 90, p. 74, 2007.
View at: Google Scholar
S. S. M. Chow, M. H. Au, and W. Susilo, “Server-aided signatures verification secure against collusion attack,” in Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 401–405, March 2011.
View at: Publisher Site | Google Scholar
X. Chen, W. Susilo, J. Li et al., “Efficient algorithms for secure outsourcing of bilinear pairings,” Theoretical Computer Science, vol. 562, pp. 112–121, 2015.
View at: Publisher Site | Google Scholar | MathSciNet
H. Tian, F. Zhang, and K. Ren, “Secure bilinear pairing outsourcing made more efficient and flexible,” in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2015, pp. 417–426, April 2015.
View at: Publisher Site | Google Scholar
Y. Ren, N. Ding, T. Wang, H. Lu, and D. Gu, “New algorithms for verifiable outsourcing of bilinear pairings,” Science China Information Sciences, vol. 59, no. 9, Article ID 99103, 2016.
View at: Publisher Site | Google Scholar
X. Boyen and B. Waters, “Anonymous hierarchical identity-based encryption (without random oracles),” in Advances in cryptology---{CRYPTO} 2006, vol. 4117 of Lecture Notes in Computer Science, pp. 290–307, Springer, Berlin, Germany, 2006.
View at: Publisher Site | Google Scholar | MathSciNet
K. G. Paterson and J. C. N. Schuldt, “Efficient identity-based signatures secure in the standard model,” in Proceedings of the ACISP 2006, vol. 4058 of Lecture Notes in Computer Science, pp. 207–222, Springer.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2017 Yanli Ren et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1019

Downloads

762

Citations