Elements in Z*p\Gq are Dangerous
RISE - Research Institutes of Sweden, ICT, SICS.
2003 (English) Report (Other academic)
Abstract [en]

A subgroup G_q of prime order q, for which the discrete logarithm problem is assumed to be hard, is usually a subgroup of a larger group, e.g. Z_p^* for some prime p = k*q + 1. Arithmetic for G_q is not implemented directly. Instead, arithmetic for the larger group, e.g. Z_p^*, is implemented, which also provides arithmetic for G_q. Furthermore, in most protocols based on arithmetic in G_q the participants do not verify their input properly: they only verify that inputs are in Z_p^*, even when they should verify that the inputs are in G_q. This practice sometimes allows the adversary to hand inputs from Z_p^* \ G_q to honest participants without detection. Surprisingly, this seems to be a novel observation. In this paper we discuss the general problem further, introduce a novel class of attacks based on the above observations, and outline an efficient generic recipe for countering the attacks. To illustrate both the attacks and the countermeasures we provide examples of protocols that are vulnerable to the novel attacks, and show how they may be modified to counter them. In particular we present attacks on the robustness of the majority of the El Gamal based mix-nets in the literature, and an attack on the privacy of the generic mix-net based on the proof of knowledge of a correct shuffle by Furukawa and Sako.

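The membership check the abstract says most implementations skip, as an added example that is not part of the paper or its text: with p = k*q + 1, an element x of Z_p^* lies in G_q exactly when x^q = 1 mod p, so a check that only tests 0 < x < p lets elements of Z_p^* \ G_q through. The parameters (p = 23, q = 11) and the cofactor-exponentiation countermeasure are assumptions for illustration, not the paper's own recipe.

```python
# Added example (not from the paper): checking that protocol inputs are in
# the prime-order subgroup G_q of Z_p^*, not merely in Z_p^*.
# Constructed toy parameters: p = k*q + 1 with p = 23, q = 11, k = 2.
P = 23
Q = 11
K = (P - 1) // Q   # cofactor k; here G_q is the set of quadratic residues mod 23


def in_zp_star(x: int) -> bool:
    """Weak check commonly performed: x is a unit modulo the prime p."""
    return 0 < x < P


def in_gq(x: int) -> bool:
    """Proper check: x is in G_q iff x is a unit and x^q == 1 (mod p),
    since G_q is the unique subgroup of Z_p^* of prime order q."""
    return in_zp_star(x) and pow(x, Q, P) == 1


def valid_elgamal_ciphertext(c: tuple[int, int]) -> bool:
    """An El Gamal ciphertext (g^r, m*y^r) over G_q must have both
    components in G_q; the abstract's mix-net attacks rely on inputs
    that pass the Z_p^* check but fail this one."""
    return len(c) == 2 and all(in_gq(v) for v in c)


def project_to_gq(x: int) -> int:
    """Standard countermeasure (assumed, not necessarily the paper's recipe):
    raise a unit to the cofactor k, which always lands in G_q because
    (x^k)^q = x^(p-1) = 1 (mod p). Use only where the protocol permits it."""
    assert in_zp_star(x), "input must be a unit mod p"
    return pow(x, K, P)


def elements_outside_gq() -> list[int]:
    """All units that the weak check accepts but the proper check rejects."""
    return [x for x in range(1, P) if in_zp_star(x) and not in_gq(x)]


if __name__ == "__main__":
    bad = elements_outside_gq()
    print(f"units accepted by the weak check but outside G_q: {bad}")
    for x in bad[:3]:
        print(f"{x} -> {project_to_gq(x)} (in G_q: {in_gq(project_to_gq(x))})")
```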
Place, publisher, year, edition, pages
Swedish Institute of Computer Science, 2003, 1., p. 20
Series
SICS Technical Report, ISSN 1100-3154 ; T2003:05
Keywords [en]
cryptanalysis, mix-net, anonymous channel, electronic voting
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-22038
OAI: oai:DiVA.org:ri-22038
DiVA, id: diva2:1041580
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2018-12-17 Bibliographically approved

Open Access in DiVA

fulltext (295 kB)
File information
File name: FULLTEXT01.pdf
File size: 295 kB
Checksum SHA-512: 84589d8dc00c151d55d96b01830c70560d5b6cf438e02e7c2fa13188a30ce3155b7b3e93803f77e8a530312e7f4ca1fe2c3b4a1fc966f0a1e9d5b6c546dec9e6
Type: fulltext
Mimetype: application/pdf

By organisation
SICS
Computer and Information Sciences
