Impact of randomization in VKO mechanisms on overall security level | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2021. № 54. DOI: 10.17223/20710410/54/3

Multiplier randomization with hashing of the result is one of the countermeasures widely used in practice (especially in semi-trusted environments) against attacks on key agreement protocols. This approach is used, for instance, in the VKO mechanisms, which serve as building blocks for the Russian cipher suites standardized for the main cryptographic protocols (including IPsec, TLS and CMS). As an important example, shared keys are produced with this technique in the TLS 1.2 cipher suites that are widespread in cryptographic software for Russian citizens. In this paper, we consider the overall security of shared key computation procedures in the practically significant cases of implementation errors in computations on twisted Edwards elliptic curves and of non-constant-time scalar multiplication.
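As an added illustration that is not code from the paper: a VKO-style shared-key computation H(UKM·x·Y) in Python, with Edwards25519 substituted for the GOST twisted Edwards curves, SHA-256 standing in for Streebog, the cofactor factor of RFC 7836 omitted, and the peer-point validity check that the implementation-error setting discussed above calls for.

```python
import hashlib
# Edwards25519 (RFC 8032) stands in for the GOST twisted Edwards curves: a*x^2 + y^2 = 1 + d*x^2*y^2
P = 2**255 - 19
A = P - 1                                   # a = -1
D = (-121665 * pow(121666, -1, P)) % P

def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0

def ed_add(p1, p2):
    # Complete twisted Edwards addition: works for doubling and for the neutral element too.
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def ed_mul(k, pt):
    # Plain double-and-add; its running time depends on k, the setting the paper analyses.
    r = (0, 1)                              # neutral element
    for bit in bin(k)[2:]:
        r = ed_add(r, r)
        if bit == "1":
            r = ed_add(r, pt)
    return r

def base_point():
    # Recover x from y = 4/5 as in RFC 8032 point decoding (p = 5 mod 8).
    y = 4 * pow(5, -1, P) % P
    x2 = (y * y - 1) * pow(D * y * y - A, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (x, y)

G = base_point()
def vko(priv, peer_pub, ukm):
    # VKO-style key: hash of the randomized shared point UKM * priv * peer_pub. The peer point is
    # validated first; SHA-256 replaces Streebog and the cofactor factor of RFC 7836 is omitted.
    if not on_curve(peer_pub):
        raise ValueError("peer public point is not on the curve")
    x, y = ed_mul(ukm * priv, peer_pub)
    return hashlib.sha256(x.to_bytes(32, "big") + y.to_bytes(32, "big")).hexdigest()

def agree(priv_a, priv_b, ukm):
    # Each side derives the key from its own scalar and the other side's public point.
    pub_a, pub_b = ed_mul(priv_a, G), ed_mul(priv_b, G)
    return vko(priv_a, pub_b, ukm), vko(priv_b, pub_a, ukm)
```

Both sides obtain the same key only because the UKM and both scalars multiply the same point; a different UKM yields an unrelated key, and an off-curve peer point is rejected before any scalar multiplication runs.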
  • Title: Impact of randomization in VKO mechanisms on overall security level
  • Publisher: Tomsk State University
  • Issue: Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics, No. 54
  • Date: 2021
  • DOI: 10.17223/20710410/54/3
Keywords: models and methods in information security, cryptographic protocols
Authors