nach oben

Journal of Cryptographic Engineering

Erschienen in:

24.11.2020 | Regular Paper

Removable weak keys for discrete logarithm-based cryptography

verfasst von: Michael John Jacobson Jr., Prabhat Kushwaha

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 2/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We describe a novel type of weak cryptographic private key that can exist in any discrete logarithm-based public-key cryptosystem set in a group of prime order p where \(p-1\) has small divisors. Unlike the weak private keys based on numerical size (such as smaller private keys, or private keys lying in an interval) that will always exist in any DLP cryptosystems, our type of weak private keys occurs purely due to parameter choice of p, and hence, can be removed with appropriate value of p. Using the theory of implicit group representations, we present a method to determine whether a public key comes from a weak private key subject to a given computational bound, and if so, recover the private key from the corresponding public key. We analyze several elliptic curves proposed in the literature and in various standards, giving counts of the number of keys that can be broken with relatively small amounts of computation.. Our results show that many of these curves, including some from standards, have a considerable number of such weak private keys. We also use our methods to show that none of the 14 outstanding Certicom Challenge problem instances are weak in our sense, up to a certain weakness bound.

Vorheriger Artikel Side-channel analysis of a learning parity with physical noise processor

Nächster Artikel Correction to: Editorial about PROOFS 2019

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. J. Cryptol. 32(4), 1298–1336 (2019)MathSciNetCrossRef

Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 1–16. Springer (2014)

Barbulescu, R., Gaudry, P., Kleinjung, T.: The tower number field sieve. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 31–55. Springer (2015)

Barker, E., Chen, L., Roginsky, A., Vassilev, A., Davis, R.: Recommendation for pair-wise key-establishment schemes using discrete logarithm cryptography. NIST Special Publication 800-56A (Revision 3), National Institute of Standards and Technology (NIST) (2018)

Barreto, P.S., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: International Conference on Security in Communication Networks, pp. 257–267. Springer (2002)

Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 3897, pp. 319–331. Springer, Berlin (2006)

Bernstein, D.J., Lange, T.: SafeCurves: Choosing safe curves for elliptic-curve cryptography (2019). https://safecurves.cr.yp.to. Last Accessed 20 Oct 2020

Bos, J.W., Halderman, J.A., Heninger, N., Moore, J., Naehrig, M., Wustrow, E.: Elliptic curve cryptography in practice. In: Christin, N., Safavi-Naini, R. (eds.) Financial Cryptography and Data Security, pp. 157–175. Springer, Berlin (2014)

Brown, D.R.L., Gallant, R.P.: The static Diffie–Hellman problem. Cryptology ePrint Archive, Report 2004/306 (2004). https://eprint.iacr.org/2004/306

10.

Certicom: Certicom ECC challenge (2009). https://www.certicom.com/content/dam/certicom/images/pdfs/challenge-2009.pdf

11.

Cheon, J.H.: Security analysis of the strong Diffie-Hellman problem. In: Advances in cryptology—EUROCRYPT 2006, Lecture Notes in Computer Science, vol. 4004, pp. 1–11. Springer, Berlin (2006)

12.

Cheon, J.H.: Discrete logarithm problems with auxiliary inputs. J. Cryptol. 23(3), 457–476 (2010)MathSciNetCrossRef

13.

Cheon, J.H., Kim, T.: A new approach to the discrete logarithm problem with auxiliary inputs. LMS J. Comput. Math. 19(1), 1–15 (2016). https://doi.org/10.1112/S1461157015000303MathSciNetCrossRefMATH

14.

Cheon, J.H., Kim, T., Song, Y.S.: A group action on \({\mathbb{Z}} _p^\times \) and the generalized DLP with auxiliary inputs. In: Selected Areas in Cryptography—SAC 2013, Lecture Notes in Computer Science, vol. 8282, pp. 121–135. Springer, Heidelberg (2014)

15.

Costello, C., Longa, P.: \({\rm Four}{\mathbb{Q}}\): four-dimensional decompositions on a \({\mathbb{Q}}\)-curve over the Mersenne prime. In: Advances in Cryptology—ASIACRYPT 2015. Part I, Lecture Notes in Computer Science, vol. 9452, pp. 214–235. Springer, Heidelberg (2015)

16.

Independent security evaluators: ethercombing: finding secrets in popular places (2019). https://www.securityevaluators.com/casestudies/ethercombing/. Last Accessed 20 Oct 2020

17.

Izu, T., Takenaka, M., Yasuda, M.: Experimental analysis of Cheon’s algorithm against pairing-friendly curves. J. Inf. Process. 19, 441–450 (2011)

18.

Jacobson Jr., M.J., Kushwaha, P.: DLP-weak-private-keys (2020). https://github.com/Prabhat-Kush/DLP-weak-private-keys

19.

Joux, A., Lercier, R., Smart, N., Vercauteren, F.: The number field sieve in the medium prime case. In: Annual International Cryptology Conference, pp. 326–344. Springer (2006)

20.

Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: International Conference on Pairing-Based Cryptography, pp. 126–135. Springer (2008)

21.

Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Annual International Cryptology Conference, pp. 543–571. Springer (2016)

22.

Kiyomura, Y., Inoue, A., Kawahara, Y., Yasuda, M., Takagi, T., Kobayashi, T.: Secure and efficient pairing at 256-bit security level. In: International Conference on Applied Cryptography and Network Security, pp. 59–79. Springer (2017)

23.

Kozaki, S., Kutsuma, T., Matsuo, K.: Remarks on Cheon’s algorithms for pairing-related problems. In: Pairing-Based Cryptography—Pairing 2007, Lecture Notes in Computer Science, vol. 4575, pp. 302–316. Springer, Berlin (2007)

24.

Kushwaha, P.: Improved lower bound for Diffie–Hellman problem using multiplicative group of a finite field as auxiliary group. J. Math. Cryptol. 12(2), 101–118 (2018)MathSciNetCrossRef

25.

Kushwaha, P., Mahalanobis, A.: A probabilistic baby-step giant-step algorithm. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017), pp. 401–406. INSTICC, SciTePress (2017)

26.

Lochter, M., Merkle, J.: Elliptic Curve Cryptography (ECC) Brainpool standard curves and curve generation. RFC 5639, RFC Editor (2010)

27.

Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: Advances in Cryptology—CRYPTO ’94 (Santa Barbara, CA, 1994), Lecture Notes in Computer Science, vol. 839, pp. 271–281. Springer, Berlin (1994)

28.

Maurer, U.M., Wolf, S.: The relationship between breaking the Diffie–Hellman protocol and computing discrete logarithms. SIAM J. Comput. 28(5), 1689–1721 (1999)MathSciNetCrossRef

29.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). Last Accessed 20 Oct 2020

30.

NIST: Digital Signature Standard (DSS). Federal Information Processing Standards Publications FIPS 186-4, National Institute of Standards and Technology (2013)

31.

Sakemi, Y., Hanaoka, G., Izu, T., Takenaka, M., Yasuda, M.: Solving a discrete logarithm problem with auxiliary input on a 160-bit elliptic curve. In: Public Key Cryptography—PKC 2012, Lecture Notes in Computer Science, vol. 7293, pp. 595–608. Springer, Heidelberg (2012)

32.

Sakemi, Y., Izu, T., Takenaka, M., Yasuda, M.: Solving DLP with auxiliary input over an elliptic curve used in TinyTate library. In: Ardagna, C.A., Zhou, J. (eds.) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication, pp. 116–127. Springer, Berlin (2011)

33.

Sakemi, Y., Kobayashi, T., Saito, T.: Pairing-friendly curves (Internet-Draft) (2019). https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-00. Last Accessed 20 Oct 2020

34.

Sarkar, P., Singh, S.: New complexity trade-offs for the (multiple) number field sieve algorithm in non-prime fields. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 429–458. Springer (2016)

35.

Satoh, T.: On generalization of Cheon’s algorithm. Cryptology ePrint Archive, Report 2009/058 (2009). https://eprint.iacr.org/2009/058

36.

Shumow, D., Ferguson, N.: On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng (2007). http://rump2007.cr.yp.to/15-shumow.pdf. Talk at CRYPTO 2017 rump session. Last Accessed October 20, 2020

37.

Smith, B.: Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies. In: Arithmetic of Finite Fields, Lecture Notes in Computer Science, vol. 11321, pp. 3–40. Springer, Cham (2018)

38.

Standards for Efficient Cryptography Group (SECG): SEC 2: Recommended elliptic curve domain parameters (2010). https://www.secg.org/sec2-v2.pdf

39.

The Sage Developers: SageMath, the Sage Mathematics Software System (Version 8.0) (2017). https://www.sagemath.org

40.

Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)

Titel: Removable weak keys for discrete logarithm-based cryptography
verfasst von: Michael John Jacobson Jr.
Prabhat Kushwaha
Publikationsdatum: 24.11.2020
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 2/2021
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-020-00250-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2021

Editorial about PROOFS 2015

Side-channel analysis of a learning parity with physical noise processor

A method for constructing sliding windows leak from noisy cache timing information

Correction to: Editorial about PROOFS 2019

IPM-RED: combining higher-order masking with robust error detection

Detecting faults in inner product masking scheme