Skip to main content
Cryptography

All Questions

Ask Question
Tagged with or
310 questions
Newest Active Bountied Unanswered
0 votes
0 answers
23 views

I was given the following explaination, some parts of it are wrong but others looks truethefull: Here is the rigorous mathematical explanation of why this technique works. The validity of the formula $...
user2284570's user avatar
  • 283
4 votes
0 answers
68 views

I m looking for a way to perform pairings without final exponentiation or where the last step is easy to inverse (in order to perform pairing inversion through Miller inversion using https://eprint....
user2284570's user avatar
  • 283
4 votes
1 answer
147 views

In weil pairing, assuming $G_1 = G_2$, It's said that $e(P, P) = 1$ for any point $P \in G_1$. It's also said that pairing is non-degenerate (i.e $e(P_1, P_1) \neq 1$) see How is this not a ...
Giorgi Lagidze's user avatar
  • 89
2 votes
0 answers
83 views

I'm a beginner and was reading about bilinear pairings by Craig Costello which you can find here. In section $4.1$, called $r$-torsion, the author outlines trace maps, Frobenius and anti-trace ...
Giorgi Lagidze's user avatar
  • 89
1 vote
1 answer
126 views

The algorithm description is in https://eprint.iacr.org/2019/385.pdf page 8 : Algorithm 4.1. Input: $d \in \mathbb{N}$ satisfying $l \mid d$ and $d \mid (s+1)$, $v \in \mathbb{F}_r$, $A \in G_0 - \{\...
user2284570's user avatar
  • 283
0 votes
0 answers
46 views

The algorithm description is as the following : The problem is in the case of altbn254 the order’s $d= 21888242871839275222246405745257275088548364400416034343698204186575808495617$ isn’t a suborder/...
user2284570's user avatar
  • 283
0 votes
0 answers
47 views

Simple question : everything is in the title : pairings allows transferring the ᴇᴄᴅʟᴘ to finite field ᴅʟᴘ and I want to do the reverse : the aim isn’t to find a secret point but to transfer the finite ...
user2284570's user avatar
  • 283
0 votes
0 answers
60 views

According to the following paper, Miller inversion is easy and this is exponentiation inversion which hard. Those algorithms are written for fapi‒2 inversion, meaning finding $\mathbb G_1$. But the ...
user2284570's user avatar
  • 283
0 votes
1 answer
96 views

According to this paper page 248 and unlike it’s title subject, it’s possible to invert a pairing on ʙɴ curves if exponentiation inversion is easy… But what about cases where final exponentiation isn’...
user2284570's user avatar
  • 283
0 votes
1 answer
49 views

In binnealiry, we have: $e(P, Q + R) = e(P, Q) * e(P, R)$ If $e(x, y) = 2^{xy}$, and P, Q, R are 3,4,5 respectively then, $e(3, 4+ 5) = 2^{3 * 9} = 2^{27}$ $e(3, 4) * e(3, 5) = 2^{3 * 4} * 2^{3 * 5} = ...
Giorgi Lagidze's user avatar
  • 89
0 votes
1 answer
63 views

I understand what billinearity means. Basically, when we have a function of x and y, we treat y as constant and resulting function must be linear in ...
Giorgi Lagidze's user avatar
  • 89
3 votes
1 answer
162 views

The following definitions are from Fuzzy Identity-based Encryption by Sahai and Waters (Eurocrypt 2005, Eprint). Definition 2 (Decisional Bilinear Diffie-Hellman (BDH) Assumption). Suppose a ...
Ky Phan Quoc's user avatar
  • 33
1 vote
1 answer
105 views

Normally a curve using large characteristics is already secure by being prime, but in my case, I saw a system relying of the hardness of the discrete logarithm of an elliptic curve defined over a ...
user2284570's user avatar
  • 283
6 votes
1 answer
179 views

Problem Alice has an array of random EC points $P_{1},...,P_{n}$ (their logarithms are not known neither to Alice nor to Bob). She sends them to Bob. Bob multiplies them all by a secret number $x$, ...
artelk's user avatar
  • 163
2 votes
1 answer
144 views

There are many research papers that reduce the fixed pairing inversion problems down to expoentiation inversion. I understand how computing qth roots mod q where $q=p^m$ is different from ...
user2284570's user avatar
  • 283

15 30 50 per page
1
2 3 4 5
21