18,035 research outputs found

    Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser

    The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie-Hellman-type scheme over an insecure channel. Building on the refuted 2012 permutation-based attack of Kalka-Teichner-Tsaban, in 2015 Ben-Zvi-Blackburn-Tsaban (BBT) presented a heuristic attack that attempts to recover the AEDH shared secret. In their paper BBT reference the AEDH protocol as presented to ISO for certification (ISO 29167-20) by SecureRF. The ISO draft contains two profiles using the Algebraic Eraser. One profile is unaffected by this attack; the second profile is subject to their attack provided the attack runs in real time. This is not the case in most practical deployments. The BBT attack is simply a targeted attack that does not attempt to break the method, system parameters, or recover any private keys. Rather, its limited focus is to recover the shared secret in a single transaction. In addition, the BBT attack is based on several conjectures that are assumed to hold when parameters are chosen according to standard distributions, which can be mitigated, if not avoided. This paper shows how to choose special distributions so that these conjectures do not hold making the BBT attack ineffective for braid groups with sufficiently many strands. Further, the BBT attack assumes that certain data is available to an attacker, but there are realistic deployment scenarios where this is not the case, making the attack fail completely. In summary, the BBT attack is flawed (with respect to the SecureRF ISO draft) and, at a minimum, over-reaches as to its applicability

    Herald of Holiness Volume 56, Number 42 (1967)

    02 The Bible-the Great Disturber By General Superintendent Coulter 03 Traveling in Circle By G. Franklin Allee 04 They Linger By William Goodman 05 Keys By Milo Arnold 06 It Won’t Be Gone Tomorrow By Robert H. Scott 07 Sustaining Faith By Pearl Burnside McKinney 08 The life-sustaining Word By E. E. Wordsworth 09 Helps to Holy Living: How Effective Is Your Life? By Ronald Fry 10 Editorially Speaking By W. T. Purkiser 11 The Bible By Kathryn Blackburn Peck 12 Stories Missionaries Never Tell By Elden Rawlings 14 Roads to a Radiant Lift: What Time I Am Afraid By Paul Culbertson 14 News of Revival 15 Pro/Con: Letters to the Editor 16 Campus Commentary By Dr. Willis Snowbarger 17 Vital Statistics 17 News of Religion 18 Of People and Places 19 Next Sunday's Lesson By A. Elwood Sanner 19 The Answer Corner Conducted by W. T. Purkiser

    Distinct difference configurations: multihop paths and key predistribution in sensor networks

    A distinct difference configuration is a set of points in Z^2 with the property that the vectors (difference vectors) connecting any two of the points are all distinct. Many specific examples of these configurations have been previously studied: the class of distinct difference configurations includes both Costas arrays and sonar sequences, for example. Motivated by an application of these structures in key predistribution for wireless sensor networks, we define the k-hop coverage of a distinct difference configuration to be the number of distinct vectors that can be expressed as the sum of k or fewer difference vectors. This is an important parameter when distinct difference configurations are used in the wireless sensor application, as this parameter describes the density of nodes that can be reached by a short secure path in the network. We provide upper and lower bounds for the k-hop coverage of a distinct difference configuration with m points, and exploit a connection with B_h sequences to construct configurations with maximal k-hop coverage. We also construct distinct difference configurations that enable all small vectors to be expressed as the sum of two of the difference vectors of the configuration, an important task for local secure connectivity in the application

    Group theory in cryptography

    This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area. Comment: 25 pages. References updated, and a few extra references added. Minor typographical changes. To appear in Proceedings of Groups St Andrews 2009 in Bath, U

    Contextualism, Moral Disagreement, and Proposition Clouds

    According to contextualist theories in metaethics, when you use a moral term in a context, the context plays an ineliminable part in determining what natural property will be the semantic value of the term. Furthermore, on subjectivist and relativist versions of these views, it is either the speaker's own moral code or her moral community's moral code that constitutes the reference-fixing context. One standard objection to views of this type is that they fail to enable us to disagree in ordinary conversations. In this chapter, I develop a new response to this objection on the basis of Kai von Fintel and Anthony Gillies' notion of proposition clouds. I argue that, because we live in a multicultural society, the conversational contexts we face will fail to disambiguate between all the things we could mean. This is why we can at best put into play proposition clouds when we make moral utterances. All the propositions in such clouds are then available for rejection and acceptance on the behalf of our audiences. The norms of conversation then guide us to make informative contributions to the conversation - accept and reject propositions in a way that leads to co-ordination of action and choice

    Cryptanalysis of three matrix-based key establishment protocols

    We cryptanalyse a matrix-based key transport protocol due to Baumslag, Camps, Fine, Rosenberger and Xu from 2006. We also cryptanalyse two recently proposed matrix-based key agreement protocols, due to Habeeb, Kahrobaei and Shpilrain, and due to Romanczuk and Ustimenko. Comment: 9 page

    Enabling Social Applications via Decentralized Social Data Management

    An unprecedented information wealth produced by online social networks, further augmented by location/collocation data, is currently fragmented across different proprietary services. Combined, it can accurately represent the social world and enable novel socially-aware applications. We present Prometheus, a socially-aware peer-to-peer service that collects social information from multiple sources into a multigraph managed in a decentralized fashion on user-contributed nodes, and exposes it through an interface implementing non-trivial social inferences while complying with user-defined access policies. Simulations and experiments on PlanetLab with emulated application workloads show the system exhibits good end-to-end response time, low communication overhead and resilience to malicious attacks. Comment: 27 pages, single ACM column, 9 figures, accepted in Special Issue of Foundations of Social Computing, ACM Transactions on Internet Technolog

    A unified approach to combinatorial key predistribution schemes for sensor networks

    There have been numerous recent proposals for key predistribution schemes for wireless sensor networks based on various types of combinatorial structures such as designs and codes. Many of these schemes have very similar properties and are analysed in a similar manner. We seek to provide a unified framework to study these kinds of schemes. To do so, we define a new, general class of designs, termed “partially balanced t-designs”, that is sufficiently general that it encompasses almost all of the designs that have been proposed for combinatorial key predistribution schemes. However, this new class of designs still has sufficient structure that we are able to derive general formulas for the metrics of the resulting key predistribution schemes. These metrics can be evaluated for a particular scheme simply by substituting appropriate parameters of the underlying combinatorial structure into our general formulas. We also compare various classes of schemes based on different designs, and point out that some existing proposed schemes are in fact identical, even though their descriptions may seem different. We believe that our general framework should facilitate the analysis of proposals for combinatorial key predistribution schemes and their comparison with existing schemes, and also allow researchers to easily evaluate which scheme or schemes present the best combination of performance metrics for a given application scenario