ake.txt

miracl-大数运算库,大家使用有什么问题请多多提意见

The files AKEn.CPP implement variations of the ake protocol descibed in 
http://eprint.iacr.org/2002/164/

This authenticated key exchange algorithm is used as a test-bed for testing 
fast implementations of tate-pairing based protocols.

AKE2.CPP contains an implementation that uses a non-supersingular curve with 
a 160-bit group order whose security depends on the difficulty of a 1024-bit 
discrete logarithm problem. The prime modulus is 512 bits. The "security 
multiplier" is 2. The curve parameters are in the file k2.ecs

AKE2SS.CPP implements the same protocol, but this time using a supersingular
curve.

AKE6.CPP contains an implementation that uses a non-supersingular curve with 
a 160-bit group order whose security depends on the difficulty of a 960-bit 
discrete logarithm problem. The prime modulus is 160 bits. The "security 
multiplier" is 6. The curve parameters are in the file mnt.ecs

AKE4.CPP contains an implementation that uses a non-supersingular curve with 
a 192-bit group order whose security depends on the difficulty of a 2048-bit 
discrete logarithm problem. The prime modulus is 512 bits. The "security 
multiplier" is 4. The curve parameters are in the file k4.ecs

AKE8.CPP contains an implementation that uses a non-supersingular curve with 
a 224-bit group order whose security depends on the difficulty of a 4096-bit 
discrete logarithm problem. The prime modulus is 512 bits. The "security 
multiplier" is 8. The curve parameters are in the file k8.ecs
                     
The implementations AKE2.CPP, AKE4.CPP and AKE8.CPP use a "twisted" curve, and 
compress the output of the pairing. See http://eprint.iacr.org/2004/032/

AKE4.CPP and AKE8.CPP uses a "tower extension field" as a simple way of moving 
from k=2 to k=4 and k=8. See ZZn4.CPP/ZZn8.CPP

By using a series of such extensions, higher and higher security levels can 
be reached. This is thought to be a nice way of scaling security for pairing-
based protocols. These implementations all depend on the same fast 512-bit 
modular multiplier.

AKEW4 contains an implementation that uses a non-supersingular curve with a 
165-bit group order whose security depends on the difficulty of a 1024-bit 
discrete logarithm problem. The prime modulus is 255 bits. The "security 
multiplier" is 4. The curve parameters are in the file kw4.ecs. This curve 
was constructed using an unpublished method of our own. Note that the group
order is of a low hamming weight.

AKEW8.CPP contains an implementation that uses a non-supersingular curve with a 
192-bit group order whose security depends on the difficulty of a 2048-bit 
discrete logarithm problem. The prime modulus is 256 bits. The "security 
multiplier" is 8. The curve parameters are in the file weng.ecs. This curve 
was constructed using a method due to Brezing & Weng. See 
http://eprint.iacr.org/2003/143/

The files k2.ecs, k4.ecs and k8.ecs are created by the utility folklore.cpp
The file mnt.ecs is created by the mnt.cpp utility.