Elements in Z_p^*\G_q are Dangerous
RISE - Research Institutes of Sweden, ICT, SICS.
2003 (English) Report (Other academic)
Abstract [en]

A subgroup G_q, of prime order q, for which the discrete logarithm problem is assumed hard is mostly a subgroup of a larger group, e.g. Z_p^* for some prime p=k*q+1. Arithmetic for G_q is not implemented directly. Instead, arithmetic for the larger group, e.g. Z_p^*, is implemented, which gives arithmetic also for G_q. Furthermore, in most protocols based on arithmetic in G_q the participants do not verify their input properly. They only verify that inputs are in Z_p^*, even when they should verify that the inputs are in G_q. This practice sometimes allows the adversary to hand inputs from Z_p^*\G_q to honest participants without detection. Surprisingly, this seems to be a novel observation. In this paper we discuss the general problem further, introduce a novel class of attacks based on the above observations, and outline an efficient generic recipe for countering the attacks. To illustrate both the attacks and the countermeasures we provide examples of protocols that are vulnerable to the novel attacks, and show how they may be modified to counter the attacks. In particular we present attacks on the robustness of the majority of the El Gamal based mix-nets in the literature, and an attack on the privacy of the generic mix-net based on the proof of knowledge of correct shuffle of Furukawa and Sako.
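The core point of the abstract is an input-validation gap: checking that a value lies in Z_p^* does not establish that it lies in the prime-order subgroup G_q, so elements of Z_p^*\G_q slip through. The following Python block is an added illustration written for this page, not code from the report: it uses constructed toy parameters (p = 23 = 2*11+1 and p = 67 = 6*11+1, both with q = 11; real deployments use p of 2048 bits or more) to contrast the weak Z_p^* check with the full G_q membership test x^q ≡ 1 (mod p), and applies the strict test to an ElGamal ciphertext pair (u, v), a hypothetical input-validation step for a mix-net server.

```python
"""Subgroup membership checks for G_q inside Z_p^*, where p = k*q + 1.

All parameters below are constructed toy values chosen so that the
subgroups can be enumerated by hand; they are not from the report.
"""


def is_in_zp_star(x: int, p: int) -> bool:
    """The weak check most protocols perform: x is a unit modulo the prime p.

    For prime p every residue 1..p-1 is a unit, so this only rules out 0
    and out-of-range values. It says nothing about the order of x.
    """
    return 1 <= x < p


def is_in_gq(x: int, p: int, q: int) -> bool:
    """The check the abstract calls for: x lies in the order-q subgroup G_q.

    Because q is prime, the elements of Z_p^* whose order divides q are
    exactly those satisfying x^q == 1 (mod p); that set is G_q itself.
    """
    return is_in_zp_star(x, p) and pow(x, q, p) == 1


def subgroup_elements(p: int, q: int) -> list[int]:
    """Enumerate G_q explicitly (feasible only for toy-sized p)."""
    return sorted(x for x in range(1, p) if is_in_gq(x, p, q))


def weak_check_only(p: int, q: int) -> list[int]:
    """Elements in Z_p^* \\ G_q: accepted by the weak check, rejected by the strict one."""
    return sorted(
        x for x in range(1, p) if is_in_zp_star(x, p) and not is_in_gq(x, p, q)
    )


def validate_elgamal_ciphertext(c: tuple[int, int], p: int, q: int) -> bool:
    """Hypothetical server-side validation of an ElGamal ciphertext (u, v) over G_q.

    Both components must be members of G_q; a pair that merely lies in
    Z_p^* x Z_p^* is rejected, which is the countermeasure the abstract
    describes in general terms.
    """
    u, v = c
    return is_in_gq(u, p, q) and is_in_gq(v, p, q)


if __name__ == "__main__":
    for p, q in ((23, 11), (67, 11)):
        k = (p - 1) // q
        print(f"p={p}, q={q}, k={k}")
        print("  |G_q|          =", len(subgroup_elements(p, q)))
        print("  |Z_p^* \\ G_q|  =", len(weak_check_only(p, q)))
    # (2, 22) passes the Z_23^* check on both components but 22 = -1 has
    # order 2, so the strict check rejects it.
    print("accept (2, 22):", validate_elgamal_ciphertext((2, 22), 23, 11))
    print("accept (2, 3): ", validate_elgamal_ciphertext((2, 3), 23, 11))
```

For p = 23 the strict test recovers the eleven quadratic residues, and exactly p-1-q = 11 elements of Z_23^* are accepted by the weak check alone; for p = 67 the gap widens to 55 of the 66 units. The cost of the strict check is one modular exponentiation per input, which is the price the abstract's countermeasure pays to close the gap.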

Place, publisher, year, edition, pages
Swedish Institute of Computer Science, 2003, 1., p. 20
Series
SICS Technical Report, ISSN 1100-3154 ; T2003:05
Keywords [en]
cryptanalysis, mix-net, anonymous channel, electronic voting
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-22038 OAI: oai:DiVA.org:ri-22038 DiVA, id: diva2:1041580
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2018-12-17 Bibliographically approved

Open Access in DiVA

fulltext (295 kB) 267 downloads
File information
File name: FULLTEXT01.pdf; File size: 295 kB; Checksum (SHA-512):
84589d8dc00c151d55d96b01830c70560d5b6cf438e02e7c2fa13188a30ce3155b7b3e93803f77e8a530312e7f4ca1fe2c3b4a1fc966f0a1e9d5b6c546dec9e6
Type: fulltext; MIME type: application/pdf

By organisation
SICS
Computer and Information Sciences

Search outside of DiVA

Google / Google Scholar
Total: 267 downloads
The number of downloads is the sum of downloads for all full texts. It may include, for example, earlier versions that are no longer available.
