Abstract— In this paper, we present several key recovery attacks proposed by Lim and Lee on Diffie-Hellman-type key exchange protocols that work in a prime-order subgroup and rely on the discrete logarithm problem. These attacks may reveal part or all of the secret key used in these protocols. They are also closely related to the selection of parameters and to the verification of the validity of the public key. We then propose a criterion for the prime modulus p, based on the discrete logarithm problem, to enhance the security and efficiency of discrete log-based cryptographic systems.
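The public-key validity check the abstract refers to can be sketched as follows. This is an added example, not code from the paper: the function names and the toy parameters are assumptions, and the cofactor listing is a general parameter check, not the paper's own criterion (which the abstract does not state).

```python
# Toy parameters, constructed for illustration only (far too small for real use):
# p - 1 = 66 = 2 * 3 * 11, subgroup order q = 11, generator g = 2^((p-1)/q) mod p.
P, Q, G = 67, 11, 64

def validate_public_key(y, p, q):
    """Accept y only if it lies in the order-q subgroup of Z_p^*."""
    if not isinstance(y, int) or not 2 <= y <= p - 2:
        return False          # rejects 0, 1, p-1 and out-of-range values
    return pow(y, q, p) == 1  # rejects elements whose order does not divide q

def cofactor_small_factors(p, q, bound=1000):
    """Prime factors <= bound of the cofactor (p-1)/q, by trial division."""
    if (p - 1) % q != 0:
        raise ValueError("q does not divide p - 1")
    c, d, found = (p - 1) // q, 2, []
    while d <= bound and d <= c:
        if c % d == 0:
            found.append(d)
            while c % d == 0:
                c //= d
        d += 1
    return found

def shared_secret(own_private, peer_public, p=P, q=Q):
    """Diffie-Hellman step that refuses an unvalidated peer value."""
    if not validate_public_key(peer_public, p, q):
        raise ValueError("peer public key failed subgroup validation")
    return pow(peer_public, own_private, p)

if __name__ == "__main__":
    honest = pow(G, 5, P)                      # public key for private exponent 5
    print(validate_public_key(honest, P, Q))   # member of the order-q subgroup
    print(validate_public_key(37, P, Q))       # constructed value of order 3
    print(cofactor_small_factors(P, Q))        # small factors left in (p-1)/q
```

A range check alone accepts the order-3 value 37; only the exponentiation by q rejects it, which is why the subgroup test is the part that matters when the cofactor has small factors.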
References
[1] D. Pointcheval, J. Stern, “Security proofs for signature schemes”, EUROCRYPT’96, vol. 1070, pp. 387-398, 1996.
[2] D. Bleichenbacher, “Generating ElGamal Signatures Without Knowing the Secret Key”, EUROCRYPT’96, vol. 1070, pp. 10-18, 1996.
[3] C. Lim and P. Lee, “Several practical protocols for authentication and key exchange”, Information Processing Letters 53, 1995.
[4] C. Lim and P. Lee, “A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup”, EUROCRYPT’97, pp. 68-73, 1997.
[5] M. Just and S. Vaudenay, “Authenticated multi-party key agreement”, ASIACRYPT’96, 1996.
[6] A. J. Menezes, M. Qu and S. A. Vanstone, “Some new key agreement protocols providing implicit authentication”, in Proc. SAC'95, Carleton Univ., Ottawa, Ontario, May 1995.
[7] ISO/IEC 11770-3, “Information technology, Security techniques, Key management, Part 3: Mechanisms using asymmetric techniques”, 2015.
[8] A. Menezes and B. Ustaoglu, “On the importance of public-key validation in the MQV and HMQV key agreement protocols”, 2005.