Identity-based Key Agreement Protocols From PairingsIdentity-Based Key Agreement Protocols • January 30th, 2008
Contract Type FiledJanuary 30th, 2008– H2(Si): Algorithm A maintains an initially empty list Hlist with entries of the form (Su, mu, Ru, wu). Algorithm A responds to the query in the following way.
Identity-based Key Agreement Protocols From PairingsIdentity-Based Key Agreement Protocols • August 23rd, 2006
Contract Type FiledAugust 23rd, 2006Abstract. In recent years, a large number of identity-based key agreement protocols from pairings have been proposed. Some of them are elegant and practical. However, the security of this type of protocols has been surprisingly hard to prove. The main issue is that a simulator is not able to deal with reveal queries, because it requires solving either a computational problem or a decisional problem, both of which are generally believed to be hard (i.e., computationally infeasible). The best solution of security proof published so far uses the gap assumption, which means assuming that the existence of a decisional oracle does not change the hardness of the corresponding computational problem. The disadvantage of using this solution to prove the security for this type of protocols is that such decisional oracles, on which the security proof relies, cannot be performed by any polynomial time algorithm in the real world, because of the hardness of the decisional problem. In this paper we p