TY - GEN
T1 - Nested merkle's puzzles against sampling attacks
AU - Dolev, Shlomi
AU - Fandina, Nova
AU - Li, Ximing
N1 - Funding Information:
Partially supported by Deutsche Telekom, Rita Altura Trust Chair in Computer Sciences, Lynne and William Frankel Center for Computer Sciences, Israel Science Foundation (grant number 428/11), Cabarnit Cyber Security MAGNET Consortium, Grant from the Institute for Future Defense Technologies Research named for the Medvedi of the Technion, and Israeli Internet Association, Grant from Guangdong Province Science Technology Plan (No. 2011B090400325).
PY - 2012/11/28
Y1 - 2012/11/28
AB - We propose a new private key establishment protocol based on Merkle's puzzles. The protocol is designed to let the honest parties communicate securely and continuously over an unprotected channel. To achieve continuous security over an unbounded number of communication sessions we propose a nested Merkle's puzzles approach, in which the honest parties repeatedly establish new keys and use the previous key to encrypt the puzzles of the current key-establishment incarnation. We give an implementation of the idea in the random oracle model and analyze its security. In addition, we implement the protocol in the standard cryptographic model, basing its security on the lattice shortest vector problem. The iterative nested scheme raises the probability that the set of randomly chosen puzzles contains hard puzzles, compared with the probability that a single randomly chosen set consists of hard puzzles. Our nested Merkle's puzzles scheme copes with the δ-sampling attack, in which the adversary solves δ puzzles in each iteration of the key establishment protocol and decrypts the current communication whenever it happens to have chosen the same puzzles as the receiver. We analyze the security of our schemes in the presence of this attack.
UR - http://www.scopus.com/inward/record.url?scp=84880958284&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-38519-3_11
DO - 10.1007/978-3-642-38519-3_11
M3 - Conference contribution
AN - SCOPUS:84880958284
SN - 9783642385186
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 157
EP - 174
BT - Information Security and Cryptology - 8th International Conference, INSCRYPT 2012, Revised Selected Papers
T2 - 8th China International Conference on Information Security and Cryptology, INSCRYPT 2012
Y2 - 28 November 2012 through 30 November 2012
ER -
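The abstract describes two mechanisms, nesting (the previous key encrypts the current round's puzzles) and the δ-sampling adversary (solve δ puzzles per round, win when the receiver's puzzle is among them). The toy simulation below is an added illustration written for this record; it is not the paper's construction, its random-oracle or lattice instantiation, or its analysis. It assumes a deliberately weak HMAC-SHA256 keystream cipher, 8-bit puzzle secrets, 16 puzzles per round, and the simplifying toy-model rule that an adversary who misses one round's key cannot read the next round's wrapped puzzles at all; the function names (`run_rounds`, `solve_puzzle`, the `*_compromise_probability` helpers) and all sizes are constructed for the demo.

```python
"""Toy nested Merkle's puzzles facing a delta-sampling adversary.

Added illustration only, not the paper's construction or analysis: puzzles are
tiny (2**PUZZLE_BITS trials each), the cipher is an HMAC-SHA256 keystream, and
"nesting" means round t's puzzle set is sent encrypted under round t-1's key.
All sizes are constructed for a fast demo and are far below real parameters.
"""
import hashlib
import hmac
import random
from typing import Optional

N_PUZZLES = 16      # puzzles per key-establishment round (toy size)
PUZZLE_BITS = 8     # each puzzle falls to at most 2**8 trials
TAG = b"PUZZLE"     # marks a correct guess; long enough that false hits are negligible
ID_LEN, KEY_LEN = 8, 16
PLEN = len(TAG) + ID_LEN + KEY_LEN   # fixed puzzle ciphertext length


def keystream(key: bytes, length: int) -> bytes:
    """PRF keystream from HMAC-SHA256 in counter mode; every key is used once."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def weak_key(secret: int) -> bytes:
    return secret.to_bytes(4, "big")


def make_puzzle(rng: random.Random) -> tuple[bytes, bytes, bytes]:
    """Sender side: returns (puzzle ciphertext, puzzle id, session key)."""
    pid, key = rng.randbytes(ID_LEN), rng.randbytes(KEY_LEN)
    secret = rng.randrange(2 ** PUZZLE_BITS)
    return xor_crypt(weak_key(secret), TAG + pid + key), pid, key


def solve_puzzle(puzzle: bytes) -> tuple[bytes, bytes]:
    """Brute-force the weak key; honest receiver and adversary do exactly this."""
    for secret in range(2 ** PUZZLE_BITS):
        plain = xor_crypt(weak_key(secret), puzzle)
        if plain.startswith(TAG):
            return plain[len(TAG):len(TAG) + ID_LEN], plain[len(TAG) + ID_LEN:]
    raise ValueError("no weak key opened this puzzle")


def split(blob: bytes) -> list[bytes]:
    return [blob[i:i + PLEN] for i in range(0, len(blob), PLEN)]


def run_rounds(rounds: int, delta: int, nested: bool, seed: int = 0) -> dict:
    """Simulate `rounds` key establishments against a delta-sampling adversary.

    Each round: Alice sends N_PUZZLES puzzles (wrapped under the previous key
    if nested), Bob solves one at random and publishes its id, the adversary
    solves `delta` random puzzles and wins the round if Bob's id is among them.
    Toy-model rule: in nested mode an adversary without the previous key cannot
    read the wrapped puzzles at all, so one miss locks it out of later rounds.
    """
    rng = random.Random(seed)
    prev_key: Optional[bytes] = None   # key shared by Alice and Bob so far
    adv_key: Optional[bytes] = None    # what the adversary currently holds
    compromised, honest_agree = 0, True
    for _ in range(rounds):
        puzzles = [make_puzzle(rng) for _ in range(N_PUZZLES)]
        blob = b"".join(c for c, _, _ in puzzles)
        wrapped = nested and prev_key is not None
        if wrapped:
            blob = xor_crypt(prev_key, blob)   # nesting: previous key protects this round's puzzles

        # Bob: strip the outer layer, solve one puzzle, announce its id in clear.
        bob_view = split(xor_crypt(prev_key, blob) if wrapped else blob)
        j = rng.randrange(N_PUZZLES)
        bob_id, bob_key = solve_puzzle(bob_view[j])
        alice_key = next(k for _, pid, k in puzzles if pid == bob_id)
        honest_agree &= alice_key == bob_key

        # Adversary: needs the previous key to see wrapped puzzles at all.
        can_read = not wrapped or adv_key is not None
        if can_read:
            adv_view = split(xor_crypt(adv_key, blob) if wrapped else blob)
            sample = rng.sample(range(N_PUZZLES), delta)
            table = dict(solve_puzzle(adv_view[i]) for i in sample)
            adv_key = table.get(bob_id)    # hit only if Bob's puzzle was in the sample
        # else: locked out; adv_key stays None, and so it stays for every later round
        compromised += adv_key == bob_key
        prev_key = bob_key
    return {"rounds": rounds, "compromised": compromised, "honest_agree": honest_agree}


def nested_compromise_probability(delta: int, n: int, t: int) -> float:
    """Toy-model chance that round t (1-based) is readable: a hit in every round so far."""
    return (delta / n) ** t


def flat_compromise_probability(delta: int, n: int, t: int) -> float:
    """Without nesting every round is an independent delta/n lottery."""
    return delta / n
```

Running `run_rounds(20, 4, nested=False)` against `run_rounds(20, 4, nested=True)` with the same seed shows the difference in kind: without nesting the adversary keeps getting fresh 4/16 chances, whereas under the toy nesting rule its first miss ends the attack. Note that the wrapping key is used for exactly one message here; a real deployment would derive a separate traffic key from the established key rather than reuse the XOR keystream.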