The Weil and Tate pairings are a popular new gadget in cryptography and have found many applications, including identity-based cryptography. In particular, the pairings have been used for key exchange protocols. This paper studies the bit security of keys obtained using protocols based on pairings (that is, we show that obtaining certain bits of the common key is as hard as computing the entire key). These results give insight into how many "hard-core" bits can be obtained from key exchange using pairings. The results are of practical importance. For instance, Scott and Barreto have recently used our results to justify the security of their compressed pairing technique.
|Number of pages||9|
|Journal||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Publication status||Published - 2004|