Converting pairing-based cryptosystems from composite to prime order setting – A comparative analysis

摘要

Composite order pairing setting has been used to achieve cryptographic functionalities beyond what is attainablein prime order groups. However, such pairings are known to be significantly slower than their prime order counterparts. Thus emerged a new line of research – developing frameworks to convert cryptosystems from composite to prime order pairing setting.In this work, we analyse the intricacies of efficient prime order instantiation of cryptosystems that can be converted using existing frameworks. To compare the relative efficacy of these frameworks we mainly focus on some representative schemes: the Boneh–Goh–Nissim (BGN) homomorphic encryption scheme, ring and group signatures as well as a blind signature scheme. Our concrete analyses lead to several interesting observations. We show that even after a considerable amount of research, the projecting framework implicit in the very first work of Groth–Sahai still remains the best choice for instantiating the BGN cryptosystem.Protocols like the ring signature and group signature which use both projecting and cancelling setting in composite order can be most efficiently instantiated in the Freeman prime-order projecting only setting. In contrast, while the Freeman projecting setting is sufficient for the security reduction of the blind signature scheme, the simultaneous projecting and cancelling setting does provide some efficiency advantage.