• DocumentCode
    2205035
  • Title
    On Small Subgroup Non-confinement Attack
  • Author
    Hao, Feng
  • Author_Institution
    Thales E-Security, Cambridge, UK
  • fYear
    2010
  • fDate
    June 29 2010-July 1 2010
  • Firstpage
    1022
  • Lastpage
    1025
  • Abstract
    The small subgroup confinement attack works by confining cryptographic operations within a small subgroup, in which exhaustive search is feasible. This attack is overt and hence can be easily thwarted by adding a public key validation: verifying the received group element has proper order. In this paper, we present a different aspect of the small subgroup attack. Sometimes, the fact that an operation does not fall into the small subgroup confinement may provide an oracle to an attacker, leaking partial information about the long-term secrets. This attack is subtle and reflects structural weakness of a protocol; the question of whether the protocol has a public key validation is completely irrelevant. As a concrete example, we show how this attack works on the Secure Remote Password (SRP-6) protocol.
  • Keywords
    cryptographic protocols; public key cryptography; cryptographic operations; long-term secrets; public key validation; received group element verification; secure remote password protocol; small subgroup nonconfinement attack; Dictionaries; Generators; Protocols; Public key; Servers; Secure Remote Password protocol; password authenticated key exchange; secure communication;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
  • Conference_Location
    Bradford
  • Print_ISBN
    978-1-4244-7547-6
  • Type
    conf
  • DOI
    10.1109/CIT.2010.187
  • Filename
    5578492