Still wrong use of pairings in cryptography

摘要

Recently many pairing-based cryptographic protocols have been designed with a wide variety of new novel applications including the ones in the emerging technologies like cloud computing, internet of things (IoT), e-health systems, and wearable technologies. There have been, however, a wide range of incorrect use of these primitives mainly because of their use in a “black-box” manner. Some new attacks on the discrete logarithm problem lead to either totally insecure or highly inefficient pairing-based protocols, and extend considerably the issues related to pairings originally pointed out by Galbraith et al. (2008). Other reasons are the implementation attacks, the minimal embedding field attacks, and the issues due to the existence of auxiliary inputs. Although almost all these issues are well-known to mathematical cryptographers, there is no state-of-the-art assessment covering all these new issues which could be used by the applied cryptography researchers and the IT-security developers. In order to illustrate this point, we give a list of recent papers having either wrong security assumptions or realizability/efficiency issues. Furthermore, we give a compact and an state-of-the-art recipe of the correct use of pairings for the correct design with a view towards efficient and secure implementation of security solutions using these primitives.