http://dx.doi.org/10.3745/JIPS.2010.6.3.335

Solving the Discrete Logarithm Problem for Ephemeral Keys in Chang and Chang Password Key Exchange Protocol  

Padmavathy, R. (Dept. of Computer Science and Engineering, National Institute of Technology)
Bhagvati, Chakravarthy (Dept. of Computer and Information Sciences, University of Hyderabad)
Publication Information
Journal of Information Processing Systems, vol. 6, no. 3, 2010, pp. 335-346
Abstract
The present study investigates the difficulty of solving the DLP (Discrete Logarithm Problem) for ephemeral keys. The DLP is the basis of many public key cryptosystems, and ephemeral keys are used in such systems to ensure security. The DLP considered here is defined on the prime field $Z^*_p$ of a random prime $p$. The most effective method for solving the DLP is the ICM (Index Calculus Method). The present study proposes an efficient way of computing the DLP for ephemeral keys by using a new variant of the ICM when the factors of $p-1$ are known and small. The ICM has two steps: a pre-computation and an individual logarithm computation. The pre-computation step computes the logarithms of a subset of the group, and the individual logarithm step finds the DLP using the precomputed logarithms. Since ephemeral keys are dynamic and change for every session, once the logarithms of a subset of the group are known, the DLP for each ephemeral key can be obtained using only the individual logarithm step. Therefore, an efficient way of solving the individual logarithm step based on the newly proposed pre-computation method is presented, and its performance is analyzed using a comprehensive set of experiments. The ephemeral keys are also solved using other methods that are efficient on random primes, namely the Pohlig-Hellman method, the Van Oorschot method and the traditional individual logarithm step, and the results are compared with those of the newly proposed individual logarithm step of the ICM. Finally, the DLPs of ephemeral keys used in a popular password key exchange protocol, known as Chang and Chang, are computed and reported in order to launch a key recovery attack.
Keywords
Ephemeral Key; Pohlig-Hellman Method; Van-Oorschot Method; Index Calculus Method; Chang-Chang Password Key Exchange Protocol
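The pre-computation / individual-logarithm split the abstract describes, illustrated with the Pohlig-Hellman method (one of the methods the paper compares) on a toy prime whose $p-1$ is small and smooth. This is an added example, not the paper's proposed ICM variant; the names `factor_trial`, `is_generator`, `precompute` and `individual_log` are chosen here.

```python
from math import isqrt

def factor_trial(n):
    """{prime: exponent} of n by trial division; p - 1 is assumed small and smooth."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def is_generator(g, p):
    """True if g generates Z_p^*: no g^((p-1)/q) collapses to 1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factor_trial(p - 1))

def precompute(g, p):
    """One-time work per (g, p): factor p - 1 and build a baby-step table for each
    order-q element gamma_q = g^((p-1)/q). Reused across all ephemeral keys."""
    n, tables = p - 1, {}
    for q, e in factor_trial(n).items():
        gamma, m = pow(g, n // q, p), isqrt(q) + 1
        baby, cur = {}, 1
        for j in range(m):
            baby.setdefault(cur, j)
            cur = cur * gamma % p
        tables[q] = (e, m, baby, pow(gamma, -m, p))  # giant step = gamma^-m
    return tables

def individual_log(g, h, p, tables):
    """Per-key step: recover x with g^x = h mod p, one base-q digit at a time
    per prime power q^e of p - 1, then combine the residues with the CRT."""
    n, x, mod = p - 1, 0, 1
    for q, (e, m, baby, giant) in tables.items():
        xq = 0
        for k in range(e):
            # remove the digits already known, then project into the order-q subgroup
            cur = pow(h * pow(g, -xq, p) % p, n // q ** (k + 1), p)
            for i in range(m):  # giant steps against the precomputed baby steps
                if cur in baby:
                    xq += (i * m + baby[cur]) * q ** k
                    break
                cur = cur * giant % p
        qe = q ** e
        x += mod * ((xq - x) * pow(mod, -1, qe) % qe)  # CRT merge
        mod *= qe
    return x % n
```

`precompute(g, p)` is run once per group and reused for every session value `h = g^x mod p`; the per-key cost then depends only on the largest prime factor of $p-1$, which is why a prime field used for key exchange must have a large prime factor in $p-1$.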