Solving Discrete Logarithms from Partial Knowledge of the Key

Gopalakrishnan, Kailash; Thériault, Nicolas; Yao, Chui Zhi

doi:10.1007/978-3-540-77026-8_17

Cited by 16 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…On the other hand, due to the out-layer extractor, we cannot directly adopt any known (generic) DLP algorithms, such as [GTY07,GPR13]. Instead, our puzzle solver just exhaustively searches for a valid solution.…”

Section: The Dlp Based Puzzle and Calibrating Its Hardnessmentioning

confidence: 99%

Indistinguishable Proofs of Work or Knowledge

Baldimtsi

Kiayias

Zacharias

et al. 2016

Advances in Cryptology – ASIACRYPT 2016

View full text Add to dashboard Cite

We introduce a new class of protocols called Proofs of Work or Knowledge (PoWorKs). In a PoWorK, a prover can convince a verifier that she has either performed work or that she possesses knowledge of a witness to a public statement without the verifier being able to distinguish which of the two has taken place. We formalize PoWorK in terms of three properties, completeness, f -soundness and indistinguishability (where f is a function that determines the tightness of the proof of work aspect) and present a construction that transforms 3-move HVZK protocols into 3-move public-coin PoWorKs. To formalize the work aspect in a PoWorK protocol we define cryptographic puzzles that adhere to certain uniformity conditions, which may also be of independent interest. We instantiate our puzzles in the random oracle (RO) model as well as via constructing "dense" versions of suitably hard one-way functions.We then showcase PoWorK protocols by presenting a number of applications. We first show how non-interactive PoWorKs can be used to reduce spam email by forcing users sending an e-mail to either prove to the mail server they are approved contacts of the recipient or to perform computational work. As opposed to previous approaches that applied proofs of work to this problem, our proposal of using PoWorKs is privacy-preserving as it hides the list of the receiver's approved contacts from the mail server. Our second application, shows how PoWorK can be used to compose cryptocurrencies that are based on proofs of work ("Bitcoin-like") with cryptocurrencies that are based on knowledge relations (these include cryptocurrencies that are based on "proof of stake", and others). The resulting PoWorK-based cryptocurrency inherits the robustness properties of the underlying two systems while PoWorK-indistinguishability ensures a uniform population of miners. Finally, we show that PoWorK protocols imply straight-line quasi-polynomial simulatable arguments of knowledge and based on our construction we obtain an efficient straight-line concurrent 3-move statistically quasi-polynomial simulatable argument of knowledge.

show abstract

Section: The Dlp Based Puzzle and Calibrating Its Hardnessmentioning

confidence: 99%

Indistinguishable Proofs of Work or Knowledge

Baldimtsi

Kiayias

Zacharias

et al. 2016

Advances in Cryptology – ASIACRYPT 2016

View full text Add to dashboard Cite

show abstract

“…Gopalakrishnan, Thériault, and Yao [8] studied key recovery for ECC if a side-channel attack only provided some bits of the key. In contrast to our model they assume that the known bits are absolutely correct and do not discuss the possibility that we might have partial information on a subkey.…”

Section: Comparison and Conclusionmentioning

confidence: 99%

“…Often there are too few bits fully recovered to make searching the remaining key space feasible. Using not only fully recovered bits but also the partial information we can search an interval smartly and possibly recover the solution to the DLP where [8] could not. Finally, they do not consider enumeration and rank computation.…”

Section: Comparison and Conclusionmentioning

confidence: 99%

“…This is true for the very common case of implementations using windowing methods (including signed and sliding) starting from the most significant bits. However, we can adjust our method to the scenarios considered in [8] as we will now discuss.…”

Section: Comparisonmentioning

confidence: 99%

“…The second scenario [8] poses is that the information is not on any specific bits, but on the square-and-multiply chain. In this case the enumeration tree of figure 1 would become a binary tree.…”

Section: Comparisonmentioning

confidence: 99%

See 2 more Smart Citations

Kangaroos in Side-Channel Attacks

Lange

Vredendaal

Wakker³

2015

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. Side-channel attacks are a powerful tool to discover the cryptographic secrets of a chip or other device but only too often do they require too many traces or leave too many possible keys to explore. In this paper we show that for side channel attacks on discrete-logarithmbased systems significantly more unknown bits can be handled by using Pollard's kangaroo method: if b bits are unknown then the attack runs in 2 b/2 instead of 2 b . If an attacker has many targets in the same group and thus has reasons to invest in precomputation, the costs can even be brought down to 2 b/3 . Usually the separation between known and unknown keybits is not this clear cut -they are known with probabilities ranging between 100% and 0%. Enumeration and rank estimation of cryptographic keys based on partial information derived from cryptanalysis have become important tools for security evaluations. They make the line between a broken and secure device more clear and thus help security evaluators determine how high the security of a device is. For symmetric-key cryptography there has been some recent work on key enumeration and rank estimation, but for discrete-logarithm-based systems these algorithms fail because the subkeys are not independent and the algorithms cannot take advantage of the above-mentioned faster attacks. We present -enumeration as a new method to compute the rank of a key by using the probabilities together with (variations of) Pollard's kangaroo algorithm and give experimental evidence.

show abstract

On the Security of the (F)HMQV Protocol

Sarr

Elbaz-Vincent

2016

Progress in Cryptology – AFRICACRYPT 2016

View full text Add to dashboard Cite

Solving Discrete Logarithms from Partial Knowledge of the Key

Cited by 16 publications

References 24 publications

Indistinguishable Proofs of Work or Knowledge

Indistinguishable Proofs of Work or Knowledge

Kangaroos in Side-Channel Attacks

On the Security of the (F)HMQV Protocol

Contact Info

Product

Resources

About