Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser
نویسندگان
چکیده
The Algebraic Eraser Diffie–Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie–Hellman-type scheme over an insecure channel. Building on the refuted 2012 permutation-based attack of Kalka–Teichner–Tsaban (KKT), Ben-Zvi, Blackburn, and Tsaban (BBT) present a heuristic attack, published November 13, 2015, that attempts to recover the AEDH shared secret. In their paper BBT reference the AEDH protocol as presented to ISO for certification (ISO 29167-20) by SecureRF. The ISO 29167-20 draft contains two profiles using the Algebraic Eraser. One profile is unaffected by this attack; the second profile is subject to their attack provided the attack runs in real time. This is not the case in most practical deployments. The BBT attack is simply a targeted attack that does not attempt to break the method, system parameters, or recover any private keys. Rather, its limited focus is to recover the shared secret in a single transaction. In addition, the BBT attack is based on several conjectures that are assumed to hold when parameters are chosen according to standard distributions, which can be mitigated, if not avoided. This paper shows how to choose special distributions so that these conjectures do not hold making the BBT attack ineffective for braid groups with sufficiently many strands. Further, the BBT attack assumes that certain data is available to an attacker, but there are realistic deployment scenarios where this is not the case, making the attack fail completely. In summary, the BBT attack is flawed (with respect to the SecureRF ISO draft) and, at a minimum, over-reaches as to its applicability.
منابع مشابه
Defeating the Kalka--Teicher--Tsaban linear algebra attack on the Algebraic Eraser
The Algebraic Eraser (AE) is a public key protocol for sharing information over an insecure channel using commutative and noncommutative groups; a concrete realization is given by Colored Burau Key Agreement Protocol (CBKAP). In this paper, we describe how to choose data in CBKAP to thwart an attack by Kalka–Teicher–Tsaban.
متن کاملA Practical Cryptanalysis of the Algebraic Eraser
Anshel, Anshel, Goldfeld and Lemieaux introduced the Colored Burau Key Agreement Protocol (CBKAP) as the concrete instantiation of their Algebraic Eraser scheme. This scheme, based on techniques from permutation groups, matrix groups and braid groups, is designed for lightweight environments such as RFID tags and other IoT applications. It is proposed as an underlying technology for ISO/IEC 291...
متن کاملCryptanalysis via algebraic spans
We introduce a method for obtaining provable polynomial time solutions of problems in nonabelian algebraic cryptography. This method is widely applicable, easier to apply, and more efficient than earlier methods. After demonstrating its applicability to the major classic nonabelian protocols, we use this method to cryptanalyze the Triple Decomposition key exchange protocol, the only classic gro...
متن کاملCryptanalysis of the Algebraic Eraser and short expressions of permutations as products
On March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the Algebraic Eraser scheme for key agreement over an insecure channel. This scheme is based on semidirect products of algebraic structures, and uses a novel hybrid of infinite and finite noncommutative groups. They also introduced the Colored Burau Key Agreement Protocol (CBKAP), a concrete realization of this scheme. We present a...
متن کاملShort expressions of permutations as products and cryptanalysis of the Algebraic Eraser
On March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the Algebraic Eraser scheme for key agreement over an insecure channel, using a novel hybrid of infinite and finite noncommutative groups. They also introduced the Colored Burau Key Agreement Protocol (CBKAP), a concrete realization of this scheme. We present general, efficient heuristic algorithms, which extract the shared key out...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016