Merkle’s Key Agreement Protocol is Optimal: An O(n) Attack on any Key Agreement from Random Oracles
نویسندگان
چکیده
We prove that every key agreement protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary who makes O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89) and resolve an open question posed by them. Our bound is optimal up to a constant factor since Merkle proposed a key agreement protocol in 1974 that can be easily implemented with n queries to a random oracle and cannot be broken by any adversary who asks o(n) queries.
منابع مشابه
On the Communication Complexity of Key-Agreement Protocols
Key-agreement protocols whose security is proven in the random oracle model are an important alternative to the more common public-key based key-agreement protocols. In the random oracle model, the parties and the eavesdropper have access to a shared random function (an “oracle”), but they are limited in the number of queries they can make to it. Unfortunately, as shown by Impagliazzo and Rudic...
متن کاملBreaking One-Round Key-Agreement Protocols in the Random Oracle Model
In this paper we study one-round key-agreement protocols analogous to Merkle’s puzzles in the random oracle model. The players Alice and Bob are allowed to query a random permutation oracle n times and upon their queries and communication, they both output the same key with high probability. We prove that Eve can always break such a protocol by querying the oracle O(n) times. The long-time unpr...
متن کامل3 Ja n 20 08 Merkle Puzzles are Optimal
We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC’ 89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...
متن کاملProvably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
متن کاملA NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other personally nor do they exchange any document neither any money hand-to-hand currency. Electronic payment is a way by which the two parties transfer the money through the internet. Therefore integrity of payment and order information of online purchase is an important concern. With online purchase the cust...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013