-
Ironwood Meta Key Agreement and Authentication Protocol
Authors:
Iris Anshel,
Derek Atkins,
Dorian Goldfeld,
Paul E. Gunnells
Abstract:
Number theoretic public-key solutions, currently used in many applications worldwide, will be subject to various quantum attacks, making them less attractive for longer-term use. Certain group theoretic constructs are now showing promise in providing quantum-resistant cryptographic primitives, and may provide suitable alternatives for those looking to address known quantum attacks. In this paper,…
▽ More
Number theoretic public-key solutions, currently used in many applications worldwide, will be subject to various quantum attacks, making them less attractive for longer-term use. Certain group theoretic constructs are now showing promise in providing quantum-resistant cryptographic primitives, and may provide suitable alternatives for those looking to address known quantum attacks. In this paper, we introduce a new protocol called a Meta Key Agreement and Authentication Protocol (MKAAP) that has some characteristics of a public-key solution and some of a shared-key solution. Specifically it has the deployment benefits of a public-key system, allowing two entities that have never met before to authenticate without requiring real-time access to a third-party, but does require secure provisioning of key material from a trusted key distribution system (similar to a symmetric system) prior to deployment. We then describe a specific MKAAP instance, the Ironwood MKAAP, discuss its security, and show how it resists certain quantum attacks such as Shor's algorithm or Grover's quantum search algorithm. We also show Ironwood implemented on several ``internet of things'' (IoT devices), measure its performance, and show how it performs significantly better than ECC using fewer device resources.
△ Less
Submitted 13 September, 2019; v1 submitted 8 February, 2017;
originally announced February 2017.
-
Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser
Authors:
Iris Anshel,
Derek Atkins,
Dorian Goldfeld,
Paul E. Gunnells
Abstract:
The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie-Hellman-type scheme over an…
▽ More
The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie-Hellman-type scheme over an insecure channel.
Building on the refuted 2012 permutation-based attack of Kalka-Teichner-Tsaban, in 2015 Ben-Zvi-Blackburn-Tsaban (BBT) presented a heuristic attack that attempts to recover the AEDH shared secret. In their paper BBT reference the AEDH protocol as presented to ISO for certification (ISO 29167-20) by SecureRF. The ISO draft contains two profiles using the Algebraic Eraser. One profile is unaffected by this attack; the second profile is subject to their attack provided the attack runs in real time. This is not the case in most practical deployments.
The BBT attack is simply a targeted attack that does not attempt to break the method, system parameters, or recover any private keys. Rather, its limited focus is to recover the shared secret in a single transaction. In addition, the BBT attack is based on several conjectures that are assumed to hold when parameters are chosen according to standard distributions, which can be mitigated, if not avoided. This paper shows how to choose special distributions so that these conjectures do not hold making the BBT attack ineffective for braid groups with sufficiently many strands. Further, the BBT attack assumes that certain data is available to an attacker, but there are realistic deployment scenarios where this is not the case, making the attack fail completely. In summary, the BBT attack is flawed (with respect to the SecureRF ISO draft) and, at a minimum, over-reaches as to its applicability.
△ Less
Submitted 18 January, 2016;
originally announced January 2016.
-
Defeating the Kalka--Teicher--Tsaban linear algebra attack on the Algebraic Eraser
Authors:
Dorian Goldfeld,
Paul E. Gunnells
Abstract:
The Algebraic Eraser (AE) is a public key protocol for sharing information over an insecure channel using commutative and noncommutative groups; a concrete realization is given by Colored Burau Key Agreement Protocol (CBKAP). In this paper, we describe how to choose data in CBKAP to thwart an attack by Kalka--Teicher--Tsaban.
The Algebraic Eraser (AE) is a public key protocol for sharing information over an insecure channel using commutative and noncommutative groups; a concrete realization is given by Colored Burau Key Agreement Protocol (CBKAP). In this paper, we describe how to choose data in CBKAP to thwart an attack by Kalka--Teicher--Tsaban.
△ Less
Submitted 2 February, 2012;
originally announced February 2012.
-
On the cryptanalysis of the generalized simultaneous conjugacy search problem and the security of the Algebraic Eraser
Authors:
Paul E. Gunnells
Abstract:
The Algebraic Eraser (AE) is a cryptographic primitive that can be used to obscure information in certain algebraic cryptosystems. The Colored Burau Key Agreement Protocol (CBKAP), which is built on the AE, was introduced by I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux in 2006 as a protocol suitable for use on platforms with constrained computational resources, such as RFID and wireless senso…
▽ More
The Algebraic Eraser (AE) is a cryptographic primitive that can be used to obscure information in certain algebraic cryptosystems. The Colored Burau Key Agreement Protocol (CBKAP), which is built on the AE, was introduced by I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux in 2006 as a protocol suitable for use on platforms with constrained computational resources, such as RFID and wireless sensors. In 2009 A. Myasnikov and A. Ushnakov proposed an attack on CBKAP that attempts to defeat the generalized simultaneous conjugacy search problem, which is the public-key computational problem underlying CBKAP. In this paper we investigate the effectiveness of this attack. Our findings are that success of the attack only comes from applying it to short keys, and that with appropriate keys the attack fails in 100% of cases and does not pose a threat against CBKAP. Moreover, the attack makes assumptions about CBKAP that do not hold in practical implementations, and thus does not represent a threat to the use of CBKAP in applications.
△ Less
Submitted 5 May, 2011;
originally announced May 2011.
