Solving the Discrete Logarithm Problem for Ephemeral Keys in Chang and Chang Password Key Exchange Protocol

  • Padmavathy, R. (Dept. of Computer Science and Engineering, National Institute of Technology) ;
  • Bhagvati, Chakravarthy (Dept. of Computer and Information Sciences, University of Hyderabad)
  • Received : 2010.03.08
  • Accepted : 2010.08.07
  • Published : 2010.09.30

Abstract

The present study investigates the difficulty of solving the DLP (Discrete Logarithm Problem) for ephemeral keys. The DLP is the basis for many public key cryptosystems, and ephemeral keys are used in such systems to ensure security. The DLP considered here is defined on the prime field $Z^*_p$ for a random prime $p$. The most effective method for solving the DLP is the ICM (Index Calculus Method). The present study proposes an efficient way of computing the DLP for ephemeral keys using a new variant of the ICM for the case where the factors of $p-1$ are known and small. The ICM has two steps, a pre-computation and an individual logarithm computation. The pre-computation step computes the logarithms of a subset of the group, and the individual logarithm step finds the DLP of a target element using those precomputed logarithms. Since ephemeral keys are dynamic and change for every session, once the logarithms of a subset of the group are known, the DLP of each new ephemeral key can be obtained with the individual logarithm step alone. Therefore, an efficient way of solving the individual logarithm step, based on the newly proposed pre-computation method, is presented and its performance is analyzed using a comprehensive set of experiments. The ephemeral keys are also solved by other methods that are efficient on random primes, namely the Pohlig-Hellman method, the Van Oorschot method and the traditional individual logarithm step, and the results are compared with the newly proposed individual logarithm step of the ICM. Finally, the DLPs of ephemeral keys used in a popular password key exchange protocol, the Chang and Chang protocol, are computed and reported, which enables a key recovery attack.
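The abstract's precondition, that the factors of $p-1$ are known and small, is exactly the situation the Pohlig-Hellman method (one of the comparison methods named above) exploits: the logarithm in $Z^*_p$ splits into independent logarithms in subgroups of prime-power order, which are recombined with the Chinese Remainder Theorem. The following Python block is an added worked example, not code from the paper or its authors; it implements textbook Pohlig-Hellman with baby-step giant-step in each subgroup and adds a small parameter check that reports the largest prime factor of $p-1$, the quantity that actually bounds the attacker's work. The primes, generators and exponents used are constructed toy values, and the function names are this example's own.

```python
"""Pohlig-Hellman discrete logarithm in Z_p^* when p-1 is smooth (added example).

Defender's takeaway: the cost of the DLP is governed by the largest prime
factor of p-1, not by the size of p. Diffie-Hellman style protocols should
therefore use a safe prime (p = 2q + 1 with q prime) or an order-q subgroup.
All numeric values below are constructed toy parameters, not from the paper.
"""
from math import isqrt


def factor_trial(n):
    """Return {prime: exponent} for n by trial division (toy sizes only)."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def crt(residues, moduli):
    """Combine x = r_i (mod m_i) for pairwise coprime m_i into x mod prod(m_i)."""
    x, m = 0, 1
    for r, mi in zip(residues, moduli):
        t = ((r - x) * pow(m, -1, mi)) % mi
        x += m * t
        m *= mi
    return x % m


def bsgs(g, h, p, n):
    """Baby-step giant-step: x in [0, n) with g^x = h (mod p), g of order n."""
    m = isqrt(n) + 1
    baby = {}
    e = 1
    for j in range(m):            # baby steps: g^j -> j
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(g, -m, p)          # g^{-m}
    gamma = h
    for i in range(m):            # giant steps: h * g^{-im}
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    raise ValueError("h is not in the subgroup generated by g")


def pohlig_hellman(g, h, p, factors=None):
    """Solve g^x = h (mod p) for x mod (p-1); g is assumed to generate Z_p^*."""
    n = p - 1
    if factors is None:
        factors = factor_trial(n)   # "factors of p-1 are known"
    residues, moduli = [], []
    for q, e in factors.items():
        qe = q ** e
        g_i = pow(g, n // qe, p)    # project into the subgroup of order q^e
        h_i = pow(h, n // qe, p)
        gamma = pow(g_i, q ** (e - 1), p)   # element of prime order q
        x_i = 0
        for k in range(e):          # recover x mod q^e one base-q digit at a time
            h_k = pow(h_i * pow(g_i, -x_i, p) % p, q ** (e - 1 - k), p)
            x_i += bsgs(gamma, h_k, p, q) * q ** k
        residues.append(x_i)
        moduli.append(qe)
    return crt(residues, moduli)


def largest_prime_factor_of_order(p):
    """Parameter check: the largest prime factor of p-1 bounds the DLP cost."""
    return max(factor_trial(p - 1))


if __name__ == "__main__":
    # Constructed toy instance: p-1 = 8100 = 2^2 * 3^4 * 5^2, generator 6.
    p, g, x = 8101, 6, 6689
    h = pow(g, x, p)
    print("recovered exponent:", pohlig_hellman(g, h, p))
    print("largest prime factor of p-1:", largest_prime_factor_of_order(p))
```

Because every prime factor of 8100 is at most 5, each baby-step giant-step call searches at most 5 elements, regardless of how large $p$ itself is; for a safe prime the same routine would face a subgroup of order $(p-1)/2$ and gain nothing over generic methods.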

References

  1. J. Buchmann and D. Weber, "Discrete Logarithms: Recent Progress," Technical Report, no. T1-12/98.
  2. H. Cohen and G. Frey, Handbook of Elliptic and Hyperelliptic Curve Cryptography, Discrete Mathematics and Its Applications, CRC Press, 2005.
  3. D. Coppersmith, A. M. Odlyzko, and R. Schroeppel, "Discrete logarithms in GF(p)," Algorithmica, v1, pp.1-15, 1986. https://doi.org/10.1007/BF01840433
  4. C.-C. Chang and Y.-F. Chang, "A novel three party encrypted key exchange protocol," Computer Standards and Interfaces, v26(5), pp.471-476, 2004. https://doi.org/10.1016/j.csi.2003.12.001
  5. W. Diffie and M. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory, v22(6), pp.644-654, 1976. https://doi.org/10.1109/TIT.1976.1055638
  6. D. M. Gordon, "Discrete logarithms in GF(p) using the number field sieve," SIAM Journal on Discrete Mathematics, v6, pp.124-138, 1992. https://doi.org/10.1137/0406010
  7. D. E. Knuth, The Art of Computer Programming, vol. 3: Sorting and Searching, Addison-Wesley, 1973.
  8. McCurley, "The Discrete logarithm problem," Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, v42, pp.49-74.
  9. A. Menezes and U. Berkant, On Reusing Ephemeral Keys in Diffie-Hellman Key Agreement Protocols, preprint, 2008.
  10. R. Padmavathy and Chakravarthy Bhagvati, "A Key Recovery Attack on Chang and Chang Password Key Exchange Protocol," International Conference on Computer and Network Technology, 2009.
  11. J. M. Pollard, "Monte Carlo methods for index computation (mod p)," Mathematics of Computation, v32(143), pp.918-924, 1978.
  12. S. Pohlig and M. Hellman, "An improved algorithm for computing logarithms over GF(p) and its cryptographic significance," IEEE Transactions on Information Theory, v24, pp.106-110, 1978. https://doi.org/10.1109/TIT.1978.1055817
  13. J. Silverman, "The xedni calculus and the elliptic curve logarithm problem," Designs, Codes and Cryptography, v20, pp.5-40, 2000. https://doi.org/10.1023/A:1008319518035
  14. O. Schirokauer, D. Weber and T. Denny, "Discrete logarithms: the effectiveness of the index calculus method," Proceedings of ANTS II, LNCS v1122, pp.337-361, 1996.
  15. C. Studholme, Discrete Logarithm Problem, research paper requirement (milestone) of the PhD program at the University of Toronto, June 21, 2002.
  16. P. C. van Oorschot and M. J. Wiener, "On Diffie-Hellman Key Agreement with Short Exponents," Proceedings of Eurocrypt, LNCS v1070, pp.332-343, 1996.
  17. D. Weber, "Computing Discrete logarithms with the general number field sieve," Proceedings of ANTS II, LNCS v1122, pp.99-114, 1996.
  18. D. Weber and T. Denny, "The solution of McCurley's discrete log challenge," Proceedings of Crypto '98, LNCS v1462, pp.458-471, 1998.
  19. E.-J. Yoon and K.-Y. Yoo, "Improving the novel three-party encrypted key exchange protocol," Computer Standards and Interfaces, v30, pp.309-314, 2008. https://doi.org/10.1016/j.csi.2007.08.018