Nested Merkle’s Puzzles against Sampling Attacks

Shlomi Dolev, Nova Fandina, Ximing Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review


We propose a new private key establishment protocol based on the Merkle's puzzles scheme. The protocol is designed to give honest parties the ability to communicate securely and continuously over an unprotected channel. To achieve continuous security over an unbounded number of communication sessions, we propose a nested Merkle's puzzles approach in which the honest parties repeatedly establish new keys and use the previous keys to encrypt the puzzles of the current key establishment incarnation. We provide an implementation of the idea in the random oracle model and analyze its security. In addition, we implement the protocol in the standard cryptographic model, basing its security on the lattice shortest vector problem. The iterative nested scheme we propose enlarges the probability that the set of randomly chosen puzzles contains hard puzzles, compared with the probability that a single randomly chosen set consists of hard puzzles. Our nested Merkle's puzzles scheme copes with the δ-sampling attack, in which the adversary chooses to solve δ puzzles in each iteration of the key establishment protocol and decrypts the actual current communication whenever it happens to choose the same puzzle the receiver chooses. We analyze the security of our schemes in the presence of such an attack.
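As an added illustration (a toy model written for this page, not the paper's construction or code, and not its random-oracle or lattice-based instantiation), the following Python simulates nested Merkle's puzzles against a δ-sampling adversary: each round's puzzles are keyed under the previous session key, so the adversary must have recovered every earlier key before it can even attempt the current round. The puzzle sizes, the SHA-256 key derivation and the initial shared string are assumptions.

```python
import hashlib
import random

N_PUZZLES = 8           # puzzles published per round (constructed toy size)
PUZZLE_SPACE = 2 ** 10  # candidate puzzle keys a solver must try (constructed toy size)

def kdf(*parts: bytes) -> bytes:
    """Toy key derivation: SHA-256 of the concatenated parts (an assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()

def make_round(prev_key: bytes, rng: random.Random):
    """Sender side of one round: puzzle i hides (i, share_i, 4 zero check bytes)
    under a short puzzle key, and the pad is also bound to prev_key (the nesting)."""
    puzzles, shares = [], []
    for i in range(N_PUZZLES):
        share = rng.getrandbits(64).to_bytes(8, "big")
        pad = kdf(prev_key, rng.randrange(PUZZLE_SPACE).to_bytes(2, "big"))
        plain = bytes([i]) + share + bytes(4)
        puzzles.append(bytes(a ^ b for a, b in zip(plain, pad)))
        shares.append(share)
    rng.shuffle(puzzles)  # the index i is learned only by solving a puzzle
    return puzzles, shares

def solve(puzzle: bytes, key_guess: bytes):
    """Brute-force one puzzle; with the wrong previous key no candidate verifies."""
    for pk in range(PUZZLE_SPACE):
        pad = kdf(key_guess, pk.to_bytes(2, "big"))
        plain = bytes(a ^ b for a, b in zip(puzzle, pad))
        if plain[9:] == bytes(4):
            return plain[0], plain[1:9]
    return None

def run_protocol(rounds: int, delta: int, seed: int):
    """Returns (honest parties agree on every key, per-round flags saying whether a
    delta-sampling adversary recovered that round's session key)."""
    rng = random.Random(seed)
    key_a = key_b = adv_key = b"init"  # round 1 has no earlier key to nest under
    agree, broken = True, []
    for _ in range(rounds):
        puzzles, shares = make_round(key_a, rng)
        idx, share = solve(rng.choice(puzzles), key_b)  # receiver solves one puzzle
        key_b = kdf(key_b, share)                       # and announces idx in clear
        key_a = kdf(key_a, shares[idx])
        agree &= key_a == key_b
        # adversary solves delta random puzzles under whatever key it currently holds
        hits = {r[0]: r[1] for r in (solve(p, adv_key) for p in rng.sample(puzzles, delta)) if r}
        broken.append(idx in hits)
        adv_key = kdf(adv_key, hits[idx]) if idx in hits else b"lost"
    return agree, broken
```

With δ < N_PUZZLES the per-round flags can only go from recovered to not recovered: once the adversary misses a round, every later round's puzzles are encrypted under a key it never learned.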
Original language: English
Title of host publication: International Conference on Information Security and Cryptology
State: Published - 28 Nov 2012

