P packet Flooding Attack Network Bandwidth Denial of Service (DoS) Packet-Dropping Attack

Download 2.18 Mb. Pdf ko'rish
bet	8/155
Sana	04.08.2023
Hajmi	2.18 Mb.
	#78028

1 ... 4 5 6 7 8 9 10 11 ... 155

Bog'liq
gu2011
AQLLI SHAHAR, TEST, 1-мактаб тўгарак жадвал, BUYRUQ. YASIN BREND, TAQRIZ YANGI, 2, Tarjima SPLINES, DIFFERENTIAL EQUATIONS, AND OPTIMAL, (11-ozbetinshe K.U.A)Q.Zafar, APPLIKATSIYADA QIRQISHNI HAR HIL USULLARINI BAJARISH, EDUCATION SYSTEM OF UZBEKISTON, O’zbekistonning va jahon hamjamiyati, OCHILOVA NIGORANING, 7 yosh inqirozi uning sabablari va alomatlari, TEXNIKA MADANIYATI, AAA

Pairing-Friendly Elliptic Curves
Edlyn Teske
Department of Combinatorics and Optimization,
University of Waterloo, Waterloo, Ontario, Canada
Related Concepts

Elliptic Curves
;

Pairings
Deﬁnition
Pairing-friendly elliptic curves are special

elliptic curves
defined over finite fields, that are suitable for pairing-based
cryptography.
Background
Let E be an

elliptic curve
over a

finite field
F
q
. Assume
the group of
F
q
-rational points on E has a subgroup of
prime order r, such that gcd
(r, q) = . The smallest integer
k such that r divides q
k
−  is called the embedding degree
of E with respect to r. If k
≤ log

(r)/ and r ≥ √q, then E
is called pairing-friendly.
Via the Weil and Tate

pairings
on E, the prime-order
subgroup can be embedded into the field
F
q
k
. If q is prime,
F
q
k
is the smallest extension of
F
q
for which this is possible;
if q
= p
m
with m
> , the Weil and Tate pairings may take
values in a smaller field, the so-called minimal embedding
field.

Pairing-Friendly Elliptic Curves
P

P
Theory
For a pairing-based cryptographic system to be secure, the

discrete logarithm problems
in the group E
(F
q
) of F
q
-
rational points on E and in the multiplicative group
F
×
q
k
must both be computationally infeasible. The best known
discrete logarithm algorithm on elliptic curves is the par-
allelized Pollard rho algorithm, which has running time
O
(
√
r
), where r is the size of the largest prime-order
subgroup of E
(F
q
). On the other hand, the best algorithm
for discrete logarithm computation in finite fields is the

index calculus attack
, which has running time subexpo-
nential in the field size. Thus, to achieve the same level of
security in both groups, the size q
k
of the extension field
must be significantly larger than r.
Table 
lists ranges for
r and q
k
(q prime) and k to match commonly desired lev-
els of security. Two different ranges of k are given for each
level, depending on the ρ-value ρ
= log q/ log r, which
measures the base field size relative to the size of the prime-
order subgroup of the curve. In general, curves with small
ρ-values are desirable in order to speed up arithmetic on
the elliptic curve. At times, though, a larger ρ-value is
acceptable for the sake of fast pairing evaluations; in par-
ticular, at the -bit security level, a k
=  curve with -bit
prime subgroup order defined over a -bit finite field rep-
resents an efficient setup for some choices of curves and
protocols.

Download 2.18 Mb.

1 ... 4 5 6 7 8 9 10 11 ... 155

Download 2.18 Mb.

Pdf ko'rish