Computing Reviews
Guide to pairing-based cryptography
El Mrabet N., Joye M., Chapman & Hall/CRC, Boca Raton, FL, 2016. 420 pp. Type: Book (978-1-498729-50-5)
Date Reviewed: Sep 27 2017

In this context, a pairing is a bilinear map from two (not necessarily distinct) groups $G_1$, $G_2$ to a third. In cryptography, pairings are almost inevitably constructed from elliptic curves. In 1985, Koblitz [1] and Miller [2] independently used elliptic curves for cryptographic purposes, and this elliptic curve digital signature algorithm (EC-DSA) is in mainstream use. Soon afterwards, it was realized that these pairings have cryptographic applications too, either to attack cryptographic systems (the Menezes–Okamoto–Vanstone (MOV) attack and others), or to build new cryptographic techniques, such as group signatures, identity-based encryption, and attribute-based encryption. There is an annual conference, PAIRINGS, and much research literature on the subject, but very little introductory material, certainly not recent.

Pairings are hard to use well: probably much harder than EC-DSA as EC-DSA is over the original RSA. Conversely, they are quite easy to use badly. Good pairings are also very hard to find. This means that they are easy to misuse, and it is all too common to see a scheme proposed that has a hidden weakness. Hence, this book fills a gap in the literature. Edited by two people with good track records in the field, a foreword by one of the founders of the field, and 12 chapters written by colleagues of the editors, it ought to be an invaluable resource for students and implementers.

Alas, it fills the gap badly, both technically and editorially, to the point where it cannot be recommended except to one who is already an expert capable of placing results in context and filling in gaps.

For example, chapter 2, “Mathematical Background,” says, “In this book, most groups are commutative”: fair enough, one might think. However, what it means is “most of the results in the rest of this chapter are only valid for commutative groups, but we won’t tell you which,” which is deeply unhelpful.

For a book intended as a “self-contained handbook,” the standard of consistency and indexing is extremely poor. Take, for example, Lemma 3.2: “Let $E$ be an elliptic curve defined over $\mathbb{F}_q$ and a large prime number $r$ such that $r \mid \#E(\mathbb{F}_q)$ and $\pi_q$ the Frobenius automorphism. Let $k$ be the embedding degree relative to $r$ ... .” Suppose one doesn’t know what the phrase “embedding degree” means. The index offers page 1-3 as the only previous entry. That says that $q^k$ is “the size of the finite field underlying $G_T$ ... and $k$ is called the embedding degree.” No other constraints are mentioned here. In fact, there is a piece of text, not referred to in the index, a few pages before Lemma 3.2, which states (correctly) that $r$ has to be the smallest integer that $r \mid q^k-1$, but you wouldn’t discover this from the index. Nor is the “symbol description” at the start of the book much help, saying merely that $k$ is the embedding degree without defining it, and omitting to define $G_T$, preferring to call it $G_3$.

Too many statements in the book are false: for example, the authors claim that the addition of two points in projective coordinates takes 12 multiplications and five squares (page 2-21). The formulas given need significant rearranging to produce only 12 multiplications, but patently require two squares rather than five. In Theorem 3.5, Ψ is defined and φ is used: I believe they are meant to be the same thing.

When not wrong, the statements are often confusing: many of the algorithms in chapter 3 are written in the style “for i in [I-1..0] compute (except at the last step).” This is extremely confusing: why not “for i in [I-1..1] compute” and then make it explicit what is done when i=0? I often needed external knowledge to complete the algorithm.

Chapter 10 is unreadable (I was unable to get past page 10-7) due to the decision to omit all plus signs and several superscripts, so that page 10-5 defines the Weierstrass model as y=x3axb, whereas one would expect $y^2=x^3+ax+b$.

Are there no good bits? Of course there are good chapters. The all-important chapter 4, “Pairing Friendly Elliptic Curves,” on how to find good pairings, seems good (not least because it doesn’t rely on its predecessors). Chapter 9, “Discrete Logarithms,” also seems good. Some of the others may well be. The bibliography at the end (as opposed to those for the chapters), while inevitably dated, is good.


Reviewer:  J. H. Davenport Review #: CR145565 (1712-0772)
1) Koblitz, N. Elliptic curve cryptosystems. Mathematics of Computation 49 (1987), 203–290.
2) Miller, V. S. Use of elliptic curves in cryptography. In Proc. of CRYPTO '86. Springer, New York, NY, 1986, 417–426.
Data Encryption (E.3 )
 
 
Number-Theoretic Computations (F.2.1 ... )