A. Otero Sánchez,J. A. López Ramos,A. Otero Sanchez,J. A. Lopez Ramos

DOI: https://doi.org/10.1142/s0219498825502299

2024-02-28

Journal of Algebra and Its Applications

Abstract:We show that a previously introduced key exchange based on a congruence-simple semiring action is not secure by providing an attack that reveals the shared key from the distributed public information for any of such semirings.

mathematics, applied

Jintai Ding,Alexei Miasnikov,Alexander Ushakov

2015-01-01

Abstract:In this paper we analyze the Kahrobaei-Lam-Shpilrain (KLS) key exchange protocols that use extensions by endomorpisms of matrices over a Galois field proposed in [2]. We show that both protocols are vulnerable to a simple linear algebra attack.

Aleksejus Mihalkovich,Jokubas Zitkevicius,Eligijus Sakalauskas

DOI: https://doi.org/10.3934/math.20241312

2024-01-01

AIMS Mathematics

Abstract:In this paper, we revisited the previously proposed key exchange protocol based on the matrix power function. We prove that the entries of the public key matrices of both parties of the protocol are uniform. Using this result we defined a security game for our protocol and show that the malicious attacker cannot gain any significant advantage in winning this game by applying faithful representation or the linearization approaches. Moreover, we showed that the shared key is computationally indistinguishable from the imitation key if the security parameters are properly chosen.

mathematics, applied

Dylan Rudy,Chris Monico

DOI: https://doi.org/10.48550/arXiv.2005.04363

2020-09-22

Abstract:We consider a key-exchange protocol based on matrices over a tropical semiring which was recently proposed in \cite{grig19}. We show that a particular private parameter of that protocol can be recovered with a simple binary search, rendering it insecure.

Cryptography and Security

Laszlo B. Kish

DOI: https://doi.org/10.1142/S0219477524500287

2023-11-19

Abstract:Known key exchange schemes offering information-theoretic (unconditional) security are complex and costly to implement. Nonetheless, they remain the only known methods for achieving unconditional security in key exchange. Therefore, the explorations for simpler solutions for information-theoretic security are highly justified. Lin et al. [1] proposed an interesting hardware key distribution scheme that utilizes thermal-noise-free resistances and DC voltages. A crypto analysis of this system is presented. It is shown that, if Eve gains access to the initial shared secret at any time in the past or future, she can successfully crack all the generated keys in the past and future, even retroactively, using passively obtained and recorded voltages and currents. Therefore, the scheme is not a secure key exchanger, but it is rather a key expander with no more information entropy than the originally shared secret at the beginning. We also point out that the proposed defense methods against active attacks do not function when the original shared secret is compromised because then the communication cannot be efficiently authenticated. However, they do work when an unconditionally secure key exchanger is applied to enable the authenticated communication protocol.

Cryptography and Security,Emerging Technologies

Mohammad Eftekhari

DOI: https://doi.org/10.48550/arXiv.1503.04779

2015-03-17

Abstract:We address a cryptanalysis of two protocols based on the supposed difficulty of discrete logarithm problem on (semi) groups of matrices over a group ring. We can find the secret key and break entirely the protocols.

Cryptography and Security

Daniel Camazón Portela,Álvaro Otero Sánchez,Juan Antonio López Ramos

2024-11-30

Abstract:The advent of large-scale quantum computers implies that our existing public-key cryptography infrastructure has become insecure. That means that the privacy of many mobile applications involving dynamic peer groups, such as multicast messaging or pay-per-view, could be compromised. In this work we propose a generalization of the well known group key exchange protocol proposed by Burmester and Desmedt to the non-abelian case by the use of finite group actions and we prove that the presented protocol is secure in Katz and Yung's model.

Cryptography and Security,Information Theory

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Simran Tinani,Carlo Matteotti,Joachim Rosenthal

2023-10-08

Abstract:In the recently emerging field of nonabelian group-based cryptography, a prominently used one-way function is the Conjugacy Search Problem (CSP), and two important classes of platform groups are polycyclic and matrix groups. In this paper, we discuss the complexity of the conjugacy search problem (CSP) in these two classes of platform groups using the three protocols in [10], [26], and [29] as our starting point. We produce a polynomial time solution for the CSP in a finite polycyclic group with two generators, and show that a restricted CSP is reducible to a DLP. In matrix groups over finite fields, we usedthe Jordan decomposition of a matrix to produce a polynomial time reduction of an A-restricted CSP, where A is a cyclic subgroup of the general linear group, to a set of DLPs over an extension of Fq. We use these general methods and results to describe concrete cryptanalysis algorithms for these three systems. In particular, we show that in the group of invertible matrices over finite fields and in polycyclic groups with two generators, a CSP where conjugators are restricted to a cyclic subgroup is reducible to a set of O(n2) discrete logarithm problems. Using our general results, we demonstrate concrete cryptanalysis algorithms for each of these three schemes. We believe that our methods and findings are likely to allow for several other heuristic attacks in the general case.

Cryptography and Security,Computational Complexity

G. Álvarez,F. Montoya,M. Romera,G. Pastor

DOI: https://doi.org/10.1016/j.chaos.2003.12.013

2004-07-01

Chaos, Solitons and Fractals

Abstract:This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.3772/j.issn.1006-6748.2011.02.013

2011-01-01

Abstract:As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are not secure in a multi-user setting any more. We show that Zhang, et al.'s scheme, Gorantla, et al.'s scheme and Ming, et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attacks can breach the fairness when they are used in fair exchange in a multi-user setting. © by HIGH TECHNOLOGY LETTERS PRESS.

Iftach Haitner,Noam Mazor,Rotem Oshman,Omer Reingold,Amir Yehudayoff

DOI: https://doi.org/10.48550/arXiv.2105.01958

2021-05-06

Abstract:Key-agreement protocols whose security is proven in the random oracle model are an important alternative to protocols based on public-key cryptography. In the random oracle model, the parties and the eavesdropper have access to a shared random function (an "oracle"), but the parties are limited in the number of queries they can make to the oracle. The random oracle serves as an abstraction for black-box access to a symmetric cryptographic primitive, such as a collision resistant hash. Unfortunately, as shown by Impagliazzo and Rudich [STOC '89] and Barak and Mahmoody [Crypto '09], such protocols can only guarantee limited secrecy: the key of any $\ell$-query protocol can be revealed by an $O(\ell^2)$-query adversary. This quadratic gap between the query complexity of the honest parties and the eavesdropper matches the gap obtained by the Merkle's Puzzles protocol of Merkle [CACM '78]. In this work we tackle a new aspect of key-agreement protocols in the random oracle model: their communication complexity. In Merkle's Puzzles, to obtain secrecy against an eavesdropper that makes roughly $\ell^2$ queries, the honest parties need to exchange $\Omega(\ell)$ bits. We show that for protocols with certain natural properties, ones that Merkle's Puzzle has, such high communication is unavoidable. Specifically, this is the case if the honest parties' queries are uniformly random, or alternatively if the protocol uses non-adaptive queries and has only two rounds. Our proof for the first setting uses a novel reduction from the set-disjointness problem in two-party communication complexity. For the second setting we prove the lower bound directly, using information-theoretic arguments.

Cryptography and Security

Hung -Min Sun,Shiuh -Pyng Shieh

DOI: https://doi.org/10.1007/bfb0053722

1998-01-01

Abstract:Recently J. and R.M. Campello de Souza proposed a private-key encryption scheme based on the product codes with the capability of correcting a special type of structured errors. In this paper, we show that J. and R.M. Campello de Souza's scheme is insecure against chosen-plaintext attacks, and consequently propose a secure modified scheme.

David Arroyo,Fernando Hernandez,Amalia B. Orúe

DOI: https://doi.org/10.1142/S0218127417500043

2016-10-27

Abstract:The application of synchronization theory to build up new cryptosystems has been a hot topic during the last two decades. In this paper we analyze a recent proposal in this field. We pinpoint the main limitations of the software implementation of chaos-based systems designed on the grounds of synchronization theory. In addition, we show that the cryptosystem under evaluation possesses serious security problems that imply a clear reduction of the key space.

Cryptography and Security

Keita Suzuki,Koji Nuida

DOI: https://doi.org/10.48550/arXiv.2107.05924

2022-05-19

Abstract:Akiyama et al. (Int. J. Math. Indust., 2019) proposed a post-quantum key exchange protocol that is based on the hardness of solving a system of multivariate non-linear polynomial equations but has a design strategy different from ordinary multivariate cryptography. Their protocol has two versions, an original one and a modified one, where the modified one has a trade-off that its security is strengthened while it has non-zero error probability in establishing a common key. In fact, the evaluation in their paper suggests that the probability of failing to establish a common key by the modified protocol with the proposed parameter set is impractically high. In this paper, we improve the success probability of Akiyama et al.'s modified key exchange protocol significantly while keeping the security, by restricting each component of the correct common key from the whole of the coefficient field to its small subset. We give theoretical and experimental evaluations showing that our proposed parameter set for our protocol is expected to achieve both failure probability $2^{-120}$ and $128$-bit security level.

Cryptography and Security

Lorenzo Grassi,Irati Manterola Ayala,Martha Norberg Hovd,Morten Oygarden,Havard Raddum,Qingju Wang

DOI: https://doi.org/10.1007/978-3-031-38548-3_11

2023-01-01

Abstract:Symmetric primitives are a cornerstone of cryptography, and have traditionally been defined over fields, where cryptanalysis is now well understood. However, a few symmetric primitives defined over rings Z q for a composite number q have recently been proposed, a setting where security is much less studied. In this paper we focus on studying established algebraic attacks typically defined over fields and the extent of their applicability to symmetric primitives defined over the ring of integers modulo a composite q . Based on our analysis, we present an attack on full Rubato, a family of symmetric ciphers proposed by Ha et al. at Eurocrypt 2022 designed to be used in a transciphering framework for approximate fully homomorphic encryption. We show that at least 25 % of the possible choices for q satisfy certain conditions that lead to a successful key recovery attack with complexity significantly lower than the claimed security level for five of the six ciphers in the Rubato family.

Alex D. Myasnikov,Alexander Ushakov

DOI: https://doi.org/10.48550/arXiv.0801.4786

2008-01-31

Abstract:The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol is proposed to be used on low-cost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure involved algebraic structures. The underlying motivation for AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for proposed parameter values it is impossible to instantiate the secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by TTP algorithm (part of AAGL protocol).

Group Theory

Chunxiang Xu,Junhui Zhou,Zhiguang Qin

2005-01-01

Abstract:Most recently, Lee B. et al proposed a key issuing protocol for ID-based cryptography to solve the key escrow problem. However in this letter, we show that a malicious key generation center (KGC) can successfully attack the protocol to obtain users' private keys. This means that in the protocol, the key escrow problem isn't really removed.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11556992_16

2005-01-01

Abstract:In PKC'04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.