
    Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser

    The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie-Hellman-type scheme over an insecure channel. Building on the refuted 2012 permutation-based attack of Kalka-Teichner-Tsaban, in 2015 Ben-Zvi-Blackburn-Tsaban (BBT) presented a heuristic attack that attempts to recover the AEDH shared secret. In their paper BBT reference the AEDH protocol as presented to ISO for certification (ISO 29167-20) by SecureRF. The ISO draft contains two profiles using the Algebraic Eraser. One profile is unaffected by this attack; the second profile is subject to their attack provided the attack runs in real time, which is not the case in most practical deployments. The BBT attack is simply a targeted attack that does not attempt to break the method or the system parameters, or to recover any private keys. Rather, its limited focus is to recover the shared secret in a single transaction. In addition, the BBT attack is based on several conjectures that are assumed to hold when parameters are chosen according to standard distributions, which can be mitigated, if not avoided. This paper shows how to choose special distributions so that these conjectures do not hold, making the BBT attack ineffective for braid groups with sufficiently many strands. Further, the BBT attack assumes that certain data is available to an attacker, but there are realistic deployment scenarios where this is not the case, making the attack fail completely. In summary, the BBT attack is flawed (with respect to the SecureRF ISO draft) and, at a minimum, over-reaches as to its applicability.

    Media Bank--access and access control

    Thesis (M.S.), Massachusetts Institute of Technology, Program in Media Arts & Sciences, 1995. Includes bibliographical references (p. 91-92). By Derek Allan Atkins, M.S.

    Some empirical results concerning the modelling of industrial distribution systems

    This research thesis aims to add to the understanding of industrial distribution systems and to develop our ability to model such systems. The work is empirically based, taking a particular distribution system, studying it in depth and observing it during a period of change and reorganisation. The thesis is also part of a wider research programme to investigate the problems of applying Operational Research to decision making in unstable environments. Change in distribution systems often provides good examples of this form of decision making, and some tentative generalisations are drawn as a contribution to this wider programme. Empirical research into either distribution systems or decision making in unstable environments poses the problem of access. A characteristic of this form of decision making is its informality, without the usual stress on committees and reports found with more formal long range planning. In order to ensure access to the real decision making process the researcher became an indispensable part of that process. The research method adopted was of a type that has since become known as the dual researcher/change agent type. With this method the researcher had the two responsibilities of solving the particular problem while recording material as objectively as possible for research analysis. Hence a sub-objective of the research programme was a project to diagnose and cure a problem arising in the distributive system under study. To do this two models were developed. Firstly, a channel choice model which summarised the economic variables of the distributive system. By exploiting a particular structure inherent in the model, this could be recast into a form similar to the classical transportation algorithm. As the cost matrix was of a predominantly block-diagonal form, an extended application of the saddle-point theorem allowed an efficient dual decomposition procedure to be developed. The second model relied on attitudinal data, and attempted to model merchants' behaviour in terms of how they construed their role in the distributive system and of the pressures placed upon them through the bargaining relationship. These models were used in tandem, the first demonstrating the ideal channel choice configuration from the manufacturer's point of view, the second showing what could feasibly be achieved in spite of the power structure maintained by the merchants.

    Addressing the Algebraic Eraser Diffie--Hellman Over-the-Air Protocol

    The Algebraic Eraser Diffie-Hellman (AEDH) protocol, first introduced in 2005 as a key agreement and authentication protocol, has been proposed as a standard in ISO JTC-1/SC-31 (29167-20) to protect various communication protocols like RFID, NFC, or Bluetooth for devices associated with ISO-18000 and the Internet of Things. A recent paper by M.J.B. Robshaw and Simon R. Blackburn claims to recover sufficient data to impersonate a device or, with a bit more work, recover the private keys of a device if an attacker uses the draft 29167-20 protocol and gains direct access to the resulting shared secret computation. This paper shows that simply adding a hash or a Message Authentication Code (MAC) to the proposed authentication protocol overcomes the purported attacks. These simple standard enhancements thwart all of these attacks; that is, attacks of this nature fail. As the 29167-20 draft is currently a work item under active development within the ISO process, all these attacks would normally have been addressed in the working group, and no AEDH protocol in the public domain currently transmits the computed shared secret. Therefore, contrary to the conclusion of Robshaw and Blackburn, a simple addition to the draft protocol, similar in nature to protections in other protocols like TLS, makes the AEDH protocol perfectly suitable for authentication of passive tags and other low-power, constrained devices.

    Ex vivo renal perfusion and autotransplantation in treatment of calculous disease or abdominal aortic aneurysm.

    Two more indications are described for temporary ex vivo perfusion of kidneys with revascularization of these organs as autografts to orthotopic or heterotopic locations. One of the patients had staghorn calculi which were removed from a solitary kidney. The other patient had both kidneys autografted in the course of a surgical procedure on an extensive abdominal aortic aneurysm.

    WalnutDSA(TM): A Quantum-Resistant Digital Signature Algorithm

    In 2005 I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux introduced E-Multiplication(TM), a quantum-resistant, group-theoretic, one-way function which can be used as a basis for many different cryptographic applications. This one-way function was specifically designed for constrained devices, running extremely quickly and requiring very little code. This paper introduces WalnutDSA, a new E-Multiplication-based public-key method which provides efficient verification, allowing low-power and constrained devices to quickly and inexpensively validate digital signatures (e.g., a certificate or authentication). It presents an in-depth discussion of the construction of the digital signature algorithm, analyzes the security of the scheme, provides a proof of security under EUF-CMA, and discusses the practical results from implementations on several constrained devices.

    Kayawood, a Key Agreement Protocol

    Public-key solutions based on number theory, including RSA, ECC, and Diffie-Hellman, are subject to various quantum attacks, which makes such solutions less attractive long term. Certain group theoretic constructs, however, show promise in providing quantum-resistant cryptographic primitives because of the infinite, non-cyclic, non-abelian nature of the underlying mathematics. This paper introduces the Kayawood Key Agreement protocol (Kayawood, or Kayawood KAP), a new group-theoretic key agreement protocol that leverages the known NP-hard shortest word problem (among others) to provide an ElGamal-style, Diffie-Hellman-like method. This paper also (i) discusses the implementation and behavioral aspects of Kayawood, (ii) introduces new methods to obfuscate braids using Stochastic Rewriting, and (iii) analyzes and demonstrates Kayawood's security and resistance to known quantum attacks.