. Le-partage-de-la-clé-sécrète, Maintenant, après ces deux tours d'échanges, les trois protagonistes partagent une même clé sécrète

B. Alice, Charlie choisissent leurs clés sécrètes, comme dans le premier cas du schéma de Diffie Hellman, respectivement a, p.1

À. Cette-Étape and A. , Bob et Charlie peuvent partager une même clé sécrète comme suit

B. Abdalla, D. Catalano, A. W. Dent, J. Malone-lee, G. Neven et al., Identity-Based Encryption Gone Wild, Automata, Languages and Programming, 33rd International Colloquium Proceedings, Part II [adv05] Advances in elliptic curve cryptography, pp.300-311, 2005.
DOI : 10.1007/11787006_26

F. Diego, K. Aranha, P. Karabina, C. H. Longa, J. Gebotys et al., Faster explicit formulas for computing pairings over ordinary curves, Advances in Cryptology -EUROCRYPT 2011 -30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Proceedings, pp.48-68, 2011.

[. Boneh, X. Boyen, and E. Goh, Hierarchical identity based encryption with constant size ciphertext Xavier Boyen, and Hovav Shacham. Short group signatures, Advances in Cryptology -EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques Proceedings Advances in Cryptology -CRYPTO 2004, 24th Annual International CryptologyConference Proceedings, pp.440-456, 2004.
DOI : 10.1007/11426639_26
URL : http://ai.stanford.edu/~xb/eurocrypt05a/eurocrypt05tinyhibe.ps

D. Boneh and M. K. Franklin, Identity-based encryption from the weil pairing

B. Beuchat, J. E. González-díaz, S. Mitsunari, E. Okamoto, F. Rodríguez-henríquez et al., High-Speed Software Implementation of the Optimal Ate Pairing over Barreto???Naehrig Curves, Pairing-Based Cryptography -Pairing 2010, pp.21-39, 2010.
DOI : 10.1007/978-3-642-17455-1_2

N. [. Balasubramanian and . Koblitz, The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes???Okamoto???Vanstone Algorithm, Journal of Cryptology, vol.11, issue.2
DOI : 10.1007/s001459900040

S. L. Paulo, B. Barreto, M. Lynn, and . Scott, Constructing elliptic curves with prescribed embedding degrees, Security in Communication Networks, Third International Conference, pp.257-267, 2002.

S. L. Paulo, B. Barreto, M. Lynn, and . Scott, On the selection of pairingfriendly groups, Selected Areas in Cryptography, 10th Annual International Workshop , SAC 2003, pp.17-25, 2003.

D. J. Bernstein, T. Lange, and P. Schwabe, On the Correct Use of the Negation Map in the Pollard rho Method, Public Key Cryptography -PKC 2011 -14th International Conference on Practice and Theory in Public Key Cryptography. Proceedings, pp.128-146, 2011.
DOI : 10.1007/978-3-642-19379-8_8

S. L. Paulo, M. Barreto, and . Naehrig, Pairing-friendly elliptic curves of prime order, Selected Areas in Cryptography -SAC 2005, pp.319-331, 2005.

I. F. Blake, G. Seroussi, and N. P. Smart, Advances in elliptic curve cryptography lecture note series, 2005.

F. Brezing and A. Weng, Elliptic Curves Suitable for Pairing Based Cryptography, Designs, Codes and Cryptography, vol.2248, issue.5, pp.133-141, 2005.
DOI : 10.1007/s10623-004-3808-4

[. Chen, Z. Cheng, and N. P. Smart, A built-in decisional function and security proof of id-based key agreement protocols from pairings, IACR Cryptology ePrint Archive, p.160, 2006.

C. C. Ray, S. Cheung, J. Duquesne, N. Fan, I. Guillermin et al., FPGA implementation of pairings using residue number system and lazy reduction, Cryptographic Hardware and Embedded Systems -CHES 2011 -13th International Workshop. Proceedings, pp.421-441, 2011.

J. Chung and M. A. Hasan, Asymmetric Squaring Formulae, 18th IEEE Symposium on Computer Arithmetic (ARITH '07), pp.25-27, 2007.
DOI : 10.1109/ARITH.2007.11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.162.2383

[. Castaneda, E. Knapp, and F. R. Henrquez, Faster hashing to g2, Selected Areas in Cryptography -18th International Workshop, pp.412-430, 2011.

[. Costello, T. Lange, and M. Naehrig, Faster Pairing Computations on Curves with High-Degree Twists, Public Key Cryptography -PKC 2010, 13th International Conference on Practice and Theory in Public Key Cryptography. Proceedings, pp.224-242, 2010.
DOI : 10.1007/978-3-642-13013-7_14
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.215.4568

R. [. Cocks and . Pinch, Identity-based cryptosystems based on the weil pairing, 2001.

L. Sylvain-duquesne, E. Ghammam-martin, and . Hellman, Memory-saving computation of the pairing final exponentiation on BN curves. Groups Complexity Cryptology New directions in cryptography, IEEE Trans. Information Theory, vol.8, issue.16, pp.75-90, 1976.

N. E. Sylvain-duquesne, S. Mrabet, F. Haloui, and . Rondepierre, Choosing and generating parameters for low level pairing implementation on BN curves, IACR Cryptology ePrint Archive, p.1212, 2015.

A. Jun-devegili, M. Scott, and R. Dahab, Implementing Cryptographic Pairings over Barreto-Naehrig Curves, Pairing-Based Cryptography -Pairing, pp.197-207, 2007.
DOI : 10.1007/978-3-540-73489-5_10

G. [. Mrabet, M. L. Natale, and . Flottes, A practical Differential Power Analysis attack against the Miller algorithm, 2009 Ph.D. Research in Microelectronics and Electronics, 2009.
DOI : 10.1109/RME.2009.5201339

A. Enge and J. Milan, Implementing cryptographic pairings at standard security levels. CoRR, abs/1407, 2014.
DOI : 10.1007/978-3-319-12060-7_3
URL : https://hal.archives-ouvertes.fr/hal-01034213

G. Frey, M. Müller, and H. Rück, The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems, IEEE Transactions on Information Theory, vol.45, issue.5, pp.1717-1719, 1999.
DOI : 10.1109/18.771254

[. Freeman, M. Scott, and E. Teske, A Taxonomy of Pairing-Friendly Elliptic Curves, Journal of Cryptology, vol.2, issue.5, pp.224-280, 2010.
DOI : 10.1007/s00145-009-9048-z

[. Fan, F. Vercauteren, and I. Verbauwhede, Efficient Hardware Implementation of Fp-Arithmetic for Pairing-Friendly Curves, IEEE Transactions on Computers, vol.61, issue.5, pp.61676-685, 2012.
DOI : 10.1109/TC.2011.78

[. Ghammam and E. Fouotsa, Adequate Elliptic Curves for Computing the Product of n Pairings, IACR Cryptology ePrint Archive, vol.52, issue.10, p.472, 2016.
DOI : 10.1007/978-3-540-30574-3_20

[. Ghammam and E. Fouotsa, On the computation of the optimal ate pairing at the 192-bit security level, IACR Cryptology ePrint Archive, p.130, 2016.

C. C. Pereira-geovandro, M. A. Simplício-jr, M. Naehrig, and P. S. Barreto, A family of implementation-friendly BN elliptic curves, Journal of Systems and Software, vol.84, issue.8, pp.1319-1326, 2011.
DOI : 10.1016/j.jss.2011.03.083

S. Ghosh, D. Mukhopadhyay, and D. R. Chowdhury, High Speed Flexible Pairing Cryptoprocessor on FPGA Platform, Pairing-Based Cryptography - Pairing 2010 -4th International Conference Proceedings, pp.450-466, 2010.
DOI : 10.1007/978-3-642-17455-1_28

S. Ghosh, D. Mukhopadhyay, and D. R. Chowdhury, Fault attack, countermeasures on pairing based cryptography. I, J. Network Security, vol.12, issue.1, pp.21-28, 2011.

R. Granger and N. P. Smart, On computing products of pairings, IACR Cryptology ePrint Archive, p.172, 2006.

J. Groth and A. Sahai, Efficient Non-interactive Proof Systems for Bilinear Groups
DOI : 10.1007/978-3-540-78967-3_24
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.304.8523

R. Granger and M. Scott, Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions, Public Key Cryptography -PKC 2010, 13th International Conference on Practice and Theory in Public Key Cryptography Proceedings, pp.209-223, 2010.
DOI : 10.1007/978-3-642-13013-7_13

[. Ghosh, I. Verbauwhede, and D. R. Chowdhury, Core Based Architecture to Speed Up Optimal Ate Pairing on FPGA Platform, Pairing-Based Cryptography -Pairing 2012 -5th International Conference, pp.141-159, 2012.
DOI : 10.1007/978-3-642-36334-4_9

]. P. Har60 and . Harris, Probability distributions related to random mappings, Annals of Math. Statistics, pp.1045-1062, 1960.

]. F. Hsv06b, N. P. Hesse, F. Smart, and . Vercauteren, The eta pairing revisited, IEEE Transactions on Information Theory, vol.52, issue.10, pp.4595-4602, 2006.

R. [. Joux and . Lercier, Algorithmes pour résoudre le problème de logarithme discret dans les corps finis, Nouvelles Méthodes Mathématiques en Cryptographie, Fascicule Journées Annuelles Société Mathématiques en Cryptographie, pp.23-53, 2007.

A. Joux, A one round protocol for tripartite diffie-hellman, Algorithmic Number Theory, 4th International Symposium, ANTS-IV Proceedings, pp.385-394, 2000.

K. Karabina, Squaring in cyclotomic subgroups, Mathematics of Computation, vol.82, issue.281, 2013.
DOI : 10.1090/S0025-5718-2012-02625-1
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.186.4076

T. Kim and R. Barbulescu, Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case, Advances in Cryptology -CRYPTO 2016 - 36th Annual International Cryptology Conference Proceedings, Part I, pp.543-571, 2016.
DOI : 10.1007/978-3-662-49890-3_17
URL : https://hal.archives-ouvertes.fr/hal-01281966

N. Koblitz and A. Menezes, Pairing-Based Cryptography at High Security Levels
DOI : 10.1007/11586821_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.80.9402

E. J. Kachisa, E. F. Schaefer, and M. Scott, Constructing Brezing-Weng Pairing-Friendly Elliptic Curves Using Elements in the Cyclotomic Field, IACR Cryptology ePrint Archive, p.452, 2007.
DOI : 10.1007/978-3-540-85538-5_9

A. [. Knuth and . Yao, Analysis of the subtractive algorithm for greater common divisors, pp.4720-4722, 1975.

H. [. Lenstra, L. Lenstra, and . Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, vol.32, issue.4, pp.515-534, 1982.
DOI : 10.1007/BF01457454
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.310.318

H. [. Lidl and . Niederreiter, Finite fields, 1994.
DOI : 10.1017/CBO9780511525926

M. Lpm-+-14-]-ronan-lashermes, N. E. Paindavoine, J. J. Mrabet, L. Fournier, and . Goubin, Practical validation of several fault attacks against the miller algorithm, Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.115-122, 2014.

[. Meloni, Arithmétique des couplages, performance et résistance aux attaques par cannaux cachés, 2007.

[. Meloni, New point addition formulae for ECC applications In Arithmetic of Finite Fields, First International Workshop, WAIFI, Proceedings, pp.189-201, 2007.

N. E. Mrabet, J. J. Fournier, L. Goubin, and R. Lashermes, A survey of fault attacks in pairing based cryptography, Cryptography and Communications, vol.56, issue.1, pp.185-205, 2015.
DOI : 10.1007/s12095-014-0114-5
URL : https://hal.archives-ouvertes.fr/hal-01197172

S. Victor and . Miller, Use of elliptic curves in cryptography In Advances in Cryptology -CRYPTO '85, Proceedings, pp.417-426, 1985.

S. Victor and . Miller, The weil pairing, and its efficient calculation, J. Cryptology, vol.17, issue.4, pp.235-261, 2004.

S. Matsuda, N. Kanayama, F. Hess, and E. Okamoto, Optimised versions of the ate and twisted ate pairings, Cryptography and Coding, 11th IMA International Conference Proceedings, pp.302-312, 2007.

A. Miyaji, M. Nakabayashi, and S. Takano, Characterization of Elliptic Curve Traces Under FR-Reduction, Information Security and Cryptology -ICISC 2000, Third International Conference Proceedings, pp.90-108, 2000.
DOI : 10.1007/3-540-45247-8_8

A. Menezes, T. Okamoto, and S. A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, vol.39, issue.5, pp.1639-1646, 1993.
DOI : 10.1109/18.259647

M. Nogami, Y. Akane, H. Sakemi, Y. Katou, and . Morikawa, Integer variable chi-based ate pairing, Pairing-Based Cryptography - Pairing, pp.178-191, 2008.
DOI : 10.1007/978-3-540-85538-5_13

[. Öztürk, G. Gaubatz, and B. Sunar, Tate Pairing with Strong Fault Resiliency, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007), pp.103-111, 2007.
DOI : 10.1109/FDTC.2007.18

J. Olivos, On vectorial addition chains, Journal of Algorithms, vol.2, issue.1, pp.13-21, 1981.
DOI : 10.1016/0196-6774(81)90003-1

]. J. Pol78 and . Pollard, Monte carlo method for index computations (mod p), 1978.

[. Schoof, Counting points on elliptic curves over finite fields, Journal de Th??orie des Nombres de Bordeaux, vol.7, issue.1, 1995.
DOI : 10.5802/jtnb.142
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.56.4044

. [. Stein, Sage Mathematics Software (Version SageMathCloud) The Sage Development Team, 2015.

M. Scott, N. Benger, M. Charlemagne, L. J. Dominguez, E. J. Perez et al., On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves, Pairing-Based Cryptography -Pairing 2009, Third International Conference Proceedings, pp.78-88, 2009.
DOI : 10.1007/3-540-36400-5_24

M. Scott, Computing the tate pairing The Cryptographers' Track at the RSA Conference, Topics in Cryptology -CT-RSA 2005 Proceedings, pp.293-304, 2005.

A. Sghaier, L. Ghammam, and Z. Medien, Sylvain Duquesne, and Mohsen Machhout. Area-efficient hardware implementation of the optimal ate pairing over BN curves, IACR Cryptology ePrint Archive, p.1100, 2015.

J. H. Silverman, The arithmetic of elliptic curves. Graduate texts in mathematics

T. Unterluggauer and E. Wenger, Efficient Pairings and ECC for Embedded Systems, Cryptographic Hardware and Embedded Systems -CHES 2014, pp.298-315, 2014.
DOI : 10.1007/978-3-662-44709-3_17
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.690.2083

[. Vercauteren, Optimal Pairings, IEEE Transactions on Information Theory, vol.56, issue.1, pp.455-461, 2010.
DOI : 10.1109/TIT.2009.2034881

]. L. Was03 and . Washington, Elliptic curves, number theory and cryptography, 2003.

]. L. Was08 and . Washington, Elliptic Curves, Number Theory and Cryptography, Discrete Math .Aplli, Chapman and Hall, 2008.

[. Waters, Efficient Identity-Based Encryption Without Random Oracles, Advances in Cryptology -EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques Proceedings, pp.114-127, 2005.
DOI : 10.1007/11426639_7
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.104.2190

X. Zhang and D. Lin, Analysis of Optimum Pairing Products at High Security Levels, Progress in Cryptology -INDOCRYPT 2012, 13th International Conference on Cryptology in India Proceedings, pp.412-430, 2012.
DOI : 10.1007/978-3-642-34931-7_24