4 research outputs found
Combined small subgroups and side-channel attack on elliptic curves with cofactor divisible by
Nowadays, alternative models of elliptic curves like Montgomery, Edwards, twisted Edwards, Hessian, twisted Hessian, Huff\u27s curves and many others are very popular and many people use them in cryptosystems which are based on elliptic curve cryptography. Most of these models allow to use fast and complete arithmetic which is especially convenient in fast implementations that are side-channel attacks resistant. Montgomery, Edwards and twisted Edwards curves have always order of group of rational points divisible by 4. Huff\u27s curves have always order of rational points divisible by 8. Moreover, sometimes to get fast and efficient implementations one can choose elliptic curve with even bigger cofactor, for example 16. Of course the bigger cofactor is, the smaller is the security of cryptosystem which uses such elliptic curve. In this article will be checked what influence on the security has form of cofactor of elliptic curve and will be showed that in some situations elliptic curves with cofactor divisible by are vulnerable for combined small subgroups and side-channel attacks
Combined small subgroups and side-channel attack on elliptic curves with cofactor divisible by
Nowadays, alternative models of elliptic curves like Montgomery, Edwards, twisted Edwards, Hessian, twisted Hessian, Huff's curves and many others are very popular and many people use them in cryptosystems which are based on elliptic curve cryptography. Most of these models allow to use fast and complete arithmetic which is especially convenient in fast implementations that are side-channel attacks resistant. Montgomery, Edwards and twisted Edwards curves have always order of group of rational points divisible by 4. Huff's curves have always order of rational points divisible by 8. Moreover, sometimes to get fast and efficient implementations one can choose elliptic curve with even bigger cofactor, for example 16. Of course the bigger cofactor is, the smaller is the security of cryptosystem which uses such elliptic curve. In this article will be checked what influence on the security has form of cofactor of elliptic curve and will be showed that in some situations elliptic curves with cofactor divisible by are vulnerable for combined small subgroups and side-channel attacks
Key establishment --- security models, protocols and usage
Key establishment is the process whereby two or more parties derive a shared
secret, typically used for subsequent confidential communication. However,
identifying the exact security requirements for key establishment protocols is
a non-trivial task. This thesis compares, extends and merges existing security
definitions and models for key establishment protocols.
The primary focus is on two-party key agreement schemes in the public-key
setting. On one hand new protocols are proposed and analyzed in the existing
Canetti-Krawzcyk model. On the other hand the thesis develops a security model
and novel definition that capture the essential security attributes of the
standardized Unified Model key agreement protocol. These analyses lead to the
development of a new security model and related definitions that combine and
extend the Canetti-Krawzcyk pre- and post- specified peer models in terms of
provided security assurances.
The thesis also provides a complete analysis of a one-pass key establishment
scheme. There are security goals that no one-pass key establishment scheme can
achieve, and hence the two-pass security models and definitions need to be
adapted for one-pass protocols. The analysis provided here includes
the description of the required modification to the underlying security model.
Finally, a complete security argument meeting these altered conditions is
presented as evidence supporting the security of the one-pass scheme.
Lastly, validation and reusing short lived key pairs are related to
efficiency, which is a major objective in practice. The thesis considers the
formal implication of omitting validation steps and reusing short lived key
pairs. The conclusions reached support the generally accepted cryptographic
conventions that incoming messages should not be blindly trusted and extra
care should be taken when key pairs are reused