Wagner and Magyarik outlined a conceptual public key cryptosystem based on the hardness of the word problem for finitely presented groups. At the same time, they gave a specific example of such a system. We prove that in the present form their approach is vulnerable to so-called reaction attacks. In particular, for the proposed instance it is possible to
A protocol compiler is described that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e.g., for signing. In particular, applying the compiler to a
We generalize and extend results obtained by Boneh and Venkatesan in 1996 and by González Vasco and Shparlinski in 2000 on the hardness of computing bits of the Diffie-Hellman key, given the public values. Specifically, while these results could only exclude (essentially) error-free predictions, we here exclude any non-negligible advantage, though for
In this paper we describe a cryptanalysis of a key exchange scheme recently proposed by Álvarez, Tortosa, Vicent and Zamora. The scheme is based on exponentiation of block matrices over a finite field of prime order. We present an efficient reduction of the problem of disclosing the shared key to the discrete logarithm problem (DLP) in an extension of the
In traditional e-cash systems, the tradeoff between anonymity and fraud-detection is solved by hiding the identity of the user into the e-coin, and providing an additional triggering mechanism that opens this identity in case of double spending. Hence, fraud detection implies loss of anonymity. This seems to be a somewhat natural solution when universality
We examine the popular proof models for group key establishment of Bresson et al. (LNCS 2248: 290–309, 2001; Proceedings of the 8th ACM conference on computer and communications security (CCS-8), 2001) and point out missing security properties addressing malicious protocol participants. We show that established group key establishment schemes from CRYPTO
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element α of a finite field F_p of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from F_p^*. We use some recent bounds of exponential sums to generalize
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element α of a finite field F_p of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from F_p^*. Unfortunately the applications to the computational security
A provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. Our construction assumes the participating users to share a common password and combines smooth hashing as introduced by Cramer and Shoup with a construction of Burmester and Desmedt. Our protocol is constant-round. Namely,
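The Burmester and Desmedt construction referred to in the abstract above is the classic two-round ring-based group key agreement. The following is an added example, not code from the paper or from this page, showing the plain (unauthenticated) Burmester-Desmedt exchange so that the round structure the password-authenticated protocol builds on is concrete. It deliberately omits the smooth-hashing and password layer of the paper. The group parameters (p = 1019, q = 509, g = 4) are toy values chosen here for illustration; a real deployment uses a standardised group of 2048 bits or more. Every party's key is checked against the closed form g^(r_1 r_2 + r_2 r_3 + ... + r_n r_1).

```python
"""Burmester-Desmedt group key agreement over a prime-order subgroup (toy parameters).

Added illustration of the two-round construction; not the paper's protocol. Unauthenticated:
an active adversary can substitute its own z_i / X_i, which is exactly the gap the
password-authenticated compiler in the abstract above is designed to close.
"""
import secrets

# Toy parameters (assumption for this example): p = 2q + 1 with q prime,
# g a quadratic residue mod p and therefore a generator of the order-q subgroup.
P = 1019
Q = 509
G = 4
assert pow(G, Q, P) == 1 and G != 1, "G must generate the order-Q subgroup"


def inv(x, p=P):
    """Multiplicative inverse mod p (Python 3.8+ pow with exponent -1)."""
    return pow(x, -1, p)


def bd_round1(n, rng=secrets.randbelow):
    """Round 1: party i picks r_i in [1, q-1] and broadcasts z_i = g^{r_i}."""
    r = [1 + rng(Q - 1) for _ in range(n)]
    z = [pow(G, ri, P) for ri in r]
    return r, z


def bd_round2(r, z):
    """Round 2: party i broadcasts X_i = (z_{i+1} / z_{i-1})^{r_i}, indices mod n (ring)."""
    n = len(r)
    return [pow(z[(i + 1) % n] * inv(z[(i - 1) % n]) % P, r[i], P) for i in range(n)]


def bd_key(i, r, z, x):
    """Party i's key: z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i+n-2}^{1}.

    Telescoping the exponents gives g^{r_1 r_2 + r_2 r_3 + ... + r_n r_1} for every i.
    """
    n = len(r)
    k = pow(z[(i - 1) % n], n * r[i], P)
    for j in range(n - 1):
        k = k * pow(x[(i + j) % n], n - 1 - j, P) % P
    return k


def all_x_multiply_to_one(x):
    """Sanity check each party can run on the broadcast transcript: prod X_i == 1."""
    acc = 1
    for xi in x:
        acc = acc * xi % P
    return acc == 1


def expected_key(r):
    """Closed form of the BD key, computed from all secrets (for verification only)."""
    n = len(r)
    e = sum(r[i] * r[(i + 1) % n] for i in range(n)) % Q
    return pow(G, e, P)


def bd_run(n, rng=secrets.randbelow):
    """Run the protocol for n parties; return (secrets, per-party keys, round-2 transcript)."""
    r, z = bd_round1(n, rng)
    x = bd_round2(r, z)
    keys = [bd_key(i, r, z, x) for i in range(n)]
    return r, keys, x


if __name__ == "__main__":
    r, keys, x = bd_run(5)
    print("all parties agree:", len(set(keys)) == 1)
    print("matches closed form:", keys[0] == expected_key(r))
    print("transcript check:", all_x_multiply_to_one(x))
```

Only two broadcast rounds are needed regardless of n, which is the constant-round property the abstract refers to; the per-party cost is n exponentiations in the key derivation step. Note that nothing here binds the z_i or X_i values to a participant, so a man-in-the-middle can split the ring into groups it shares keys with; authentication (password-based or signature-based) must be layered on top.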