Elements in Z*p\Gq are Dangerous
RISE - Research Institutes of Sweden, ICT, SICS.
2003 (English) Report (Other academic)
Abstract [en]

A subgroup G_q of prime order q, for which the discrete logarithm problem is assumed hard, is usually a subgroup of a larger group, e.g. Z_p^* for some prime p = k*q + 1. Arithmetic for G_q is not implemented directly. Instead, arithmetic for the larger group, e.g. Z_p^*, is implemented, which gives arithmetic for G_q as well. Furthermore, in most protocols based on arithmetic in G_q the participants do not verify their input properly. They only verify that inputs are in Z_p^*, even when they should verify that the inputs are in G_q. This practice sometimes allows the adversary to hand inputs from Z_p^* \ G_q to honest participants without detection. Surprisingly, this seems to be a novel observation. In this paper we discuss the general problem further, introduce a novel class of attacks based on the above observations, and outline an efficient generic recipe for countering the attacks. To illustrate both the attacks and the countermeasures we provide examples of protocols that are vulnerable to the novel attacks, and show how they may be modified to counter the attacks. In particular we present attacks on the robustness of the majority of the El Gamal based mix-nets in the literature, and an attack on the privacy of the generic mix-net based on the proof of knowledge of correct shuffle of Furukawa and Sako.
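The abstract's point is that checking "x is in Z_p^*" (1 <= x < p) is not the same as checking "x is in G_q" (x^q = 1 mod p), and that the gap is exploitable. The following is an added example, not code from the report: it implements both checks on constructed toy parameters (p = 67, q = 11, so k = 6 = 2 * 3), and shows the generic reason an element of Z_p^* \ G_q is dangerous once it reaches a secret exponent: raising an element t of small order r to a secret x reveals x mod r. This small-subgroup leak is a well-known consequence of the missing check; the report's own attacks on mix-net robustness and privacy are different and are not reproduced here. The function names, the secret value and the oracle model are assumptions made for the illustration.

```python
"""Subgroup-membership check for G_q inside Z_p^* and a demonstration of why
skipping it is dangerous. Added example, not code from the report.

Toy parameters, constructed for illustration: p = k*q + 1 with p and q prime.
Real deployments use p of 2048+ bits and q of 256+ bits; the logic is the same.
"""

P = 67                 # prime modulus; Z_p^* has order p - 1 = 66
Q = 11                 # prime order of the subgroup G_q
K = (P - 1) // Q       # cofactor k = 6 = 2 * 3, so Z_p^* contains elements of
                       # order 2, 3 and 6 that lie outside G_q
assert K * Q + 1 == P


def in_zp_star(x: int) -> bool:
    """The check most implementations perform: x is a non-zero residue mod p."""
    return 1 <= x < P


def in_gq(x: int) -> bool:
    """The check that should be performed: x lies in the order-q subgroup.

    Since q is prime, G_q is exactly the set of x in Z_p^* with x^q = 1 (mod p).
    Cost: one modular exponentiation with a q-sized exponent per input.
    """
    return in_zp_star(x) and pow(x, Q, P) == 1


def element_of_prime_order(r: int) -> int:
    """Return an element of Z_p^* of exact prime order r (r must divide p - 1)."""
    assert (P - 1) % r == 0
    for h in range(2, P):
        t = pow(h, (P - 1) // r, P)   # t^r = 1, so ord(t) divides the prime r
        if t != 1:                    # t != 1 and r prime => ord(t) == r
            return t
    raise ValueError("no element of order %d" % r)


def unchecked_exponentiation_oracle(secret: int):
    """Model (assumed) of an honest participant who raises an input to a secret
    exponent, as in El Gamal decryption a^x, after checking only Z_p^* membership."""
    def oracle(a: int) -> int:
        if not in_zp_star(a):
            raise ValueError("input not in Z_p^*")
        return pow(a, secret, P)
    return oracle


def checked_exponentiation_oracle(secret: int):
    """The same participant with the proper G_q membership check."""
    def oracle(a: int) -> int:
        if not in_gq(a):
            raise ValueError("input not in G_q")
        return pow(a, secret, P)
    return oracle


def leak_secret_mod(r: int, oracle) -> int:
    """Recover secret mod r by feeding the oracle an element t of prime order r.

    t^secret depends only on secret mod r, and r is small, so the adversary
    simply tables all r possible outputs. Combining the leaks for every small
    prime dividing k via the CRT yields secret mod (the smooth part of k).
    """
    t = element_of_prime_order(r)
    y = oracle(t)
    for j in range(r):
        if pow(t, j, P) == y:
            return j
    raise ValueError("oracle output inconsistent with an order-%d input" % r)


def demo(secret: int = 7) -> dict:
    """Run the weak and the hardened participant against an order-3 element."""
    weak = unchecked_exponentiation_oracle(secret)
    strong = checked_exponentiation_oracle(secret)
    t3 = element_of_prime_order(3)
    result = {
        "t3_passes_zp_star_check": in_zp_star(t3),   # True: passes the weak check
        "t3_passes_gq_check": in_gq(t3),             # False: caught by the right check
        "secret_mod_2": leak_secret_mod(2, weak),
        "secret_mod_3": leak_secret_mod(3, weak),
    }
    try:
        strong(t3)
        result["hardened_rejects_t3"] = False
    except ValueError:
        result["hardened_rejects_t3"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

With the toy parameters the weak participant leaks the secret modulo 2 and modulo 3 (hence modulo k = 6) from two queries, while the hardened one rejects the order-3 element before it ever touches the secret exponent. In real parameters the check costs one exponentiation per input; the report outlines its own generic recipe for doing this efficiently, which is not reproduced here.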

Place, publisher, year, edition, pages
Swedish Institute of Computer Science, 2003, 1., p. 20
Series
SICS Technical Report, ISSN 1100-3154 ; T2003:05
Keywords [en]
cryptanalysis, mix-net, anonymous channel, electronic voting
Identifiers
URN: urn:nbn:se:ri:diva-22038
OAI: oai:DiVA.org:ri-22038
DiVA id: diva2:1041580
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2018-12-17 Bibliographically approved

Open Access in DiVA

fulltext (295 kB), 267 downloads
File information
File: FULLTEXT01.pdf
File size: 295 kB
Checksum SHA-512: 84589d8dc00c151d55d96b01830c70560d5b6cf438e02e7c2fa13188a30ce3155b7b3e93803f77e8a530312e7f4ca1fe2c3b4a1fc966f0a1e9d5b6c546dec9e6
Type: fulltext
Mimetype: application/pdf
