6 research outputs found
Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser
The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005
and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable
for use on platforms with constrained computational resources, such as FPGAs,
ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol
that allows two users to construct a shared secret via a Diffie-Hellman-type
scheme over an insecure channel.
Building on the refuted 2012 permutation-based attack of
Kalka-Teichner-Tsaban, in 2015 Ben-Zvi-Blackburn-Tsaban (BBT) presented a
heuristic attack that attempts to recover the AEDH shared secret. In their
paper BBT reference the AEDH protocol as presented to ISO for certification
(ISO 29167-20) by SecureRF. The ISO draft contains two profiles using the
Algebraic Eraser. One profile is unaffected by this attack; the second profile
is subject to their attack provided the attack runs in real time. This is not
the case in most practical deployments.
The BBT attack is simply a targeted attack that does not attempt to break the
method, system parameters, or recover any private keys. Rather, its limited
focus is to recover the shared secret in a single transaction. In addition, the
BBT attack is based on several conjectures that are assumed to hold when
parameters are chosen according to standard distributions, which can be
mitigated, if not avoided. This paper shows how to choose special distributions
so that these conjectures do not hold making the BBT attack ineffective for
braid groups with sufficiently many strands. Further, the BBT attack assumes
that certain data is available to an attacker, but there are realistic
deployment scenarios where this is not the case, making the attack fail
completely. In summary, the BBT attack is flawed (with respect to the SecureRF
ISO draft) and, at a minimum, over-reaches as to its applicability
Hickory Hash(TM): Implementing an Instance of an Algebraic Eraser(TM) Hash Function on an MSP430 Microcontroller
Recently a novel family of braid based cryptographic hash function candidates was published, claiming to be suitable for use in low resource environments. It was shown that the new hash function family performed extremely well on a range of cryptographic test suites. In this paper we instantiate an instance of the hash family, called Hickory Hash, fix a set of parameters, implement it on a Texas Instruments MSP430 16-bit microcontroller, and compare its performance characteristics to SHA2. We show that the Hickory Hash can be a viable tool for low-power, constrained devices like those associated with the Internet of Things
WalnutDSA(TM): A Quantum-Resistant Digital Signature Algorithm
In 2005 I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux introduced E-Multiplication(TM), a quantum-resistant, group-theoretic, one-way function which can be used as a basis for many different cryptographic applications. This one-way function was specifically designed for constrained devices, running extremely quickly and requiring very little code.
This paper introduces WalnutDSA, a new E-Multiplication-based public-key method which provides efficient verification, allowing low-power and constrained devices to quickly and inexpensively validate digital signatures (e.g., a certificate or authentication). It presents an in-depth discussion of the construction of the digital signature algorithm, analyzes the security of the scheme, provides a proof of security under EUF-CMA, and discusses the practical results from implementations on several constrained devices
Defeating the Hart et al, Beullens-Blackburn, Kotov-Menshov-Ushakov, and Merz-Petit Attacks on WalnutDSA(TM)
The Walnut Digital Signature Algorithm (WalnutDSA) brings together methods in group theory, representation theory, and number theory, to yield a public-key method that provides a means for messages to be signed and signatures to be verified, on platforms where traditional approaches cannot be executed. After briefly reviewing the various heuristic/practical attacks that have be posited by Hart et al, Beullens-Blackburn, Kotov-Menshov-Ushakov, and Merz-Petit, we detail the parameter choices that defeat each attack, ensure the security of the of the method, and demonstrate its continued utility
Kayawood, a Key Agreement Protocol
Public-key solutions based on number theory, including RSA, ECC, and Diffie-Hellman, are subject to various quantum attacks, which makes such solutions less attractive long term. Certain group theoretic constructs, however, show promise in providing quantum-resistant cryptographic primitives because of the infinite, non-cyclic, non-abelian nature of the underlying mathematics. This paper introduces Kayawood Key Agreement protocol (Kayawood, or Kayawood KAP), a new group-theoretic key agreement protocol, that leverages the known NP-Hard shortest word problem (among others) to provide an Elgamal-style, Diffie-Hellman-like method. This paper also (i) discusses the implementation of and behavioral aspects of Kayawood, (ii) introduces new methods to obfuscate braids using Stochastic Rewriting, and (iii) analyzes and demonstrates Kayawood\u27s security and resistance to known quantum attacks