Re: Truncated multiplication (is it secure???)
- From: Ertugrul Soeylemez <do-not-spam-me@xxxxxxxx>
- Date: Tue, 27 Mar 2007 00:52:19 +0200
Sebastian Gottschalk <seppi@xxxxxxxxx> (07-03-26 20:12:12):

> I just wondered why you focussed so much on inverting the
> function. For serious protocols like DH, one has focussed on
> proving that all other attacks (like combining the intercepted
> values in a clever way) can be reduced to the hardness of
> inverting the function. If this weren't the case, inverting the
> function should be the hardest of all possible approaches.
>
> > I'm always looking for clear definitions. Given an operation that
> > is commutative, associative and (as I know now) not idempotent, with
> > operands and result statistically unrelated, can't it be used to
> > create a secure key exchange right away?
>
> No. Trivial counterexample: addition in IN.
>
> At least it must be a one-way function (this is what Diffie proved)
> and AFAWK the problem must be reducible to that function.

Yes, of course.

> > What I liked about XEVRON is the idea to reduce the result of the
> > multiplication in such a way that it's hard to invert it. Its
> > definition is badly flawed, the scheme is insecure, but still the
> > original idea isn't that bad.
>
> Ehm... what about doing the same in a multiplicative group over a
> sufficiently large finite ring? Oh, wait, this is already DH, and
> hardness of the problem happens automatically.

The approach is different. DH is based on a number-theoretical problem,
whereas XEVRON is based on stupidly destroying information in an attempt
to make inversion harder. The latter approach isn't necessarily bad,
but it has been shown to be insecure in that particular case.
Regards,
Ertugrul Söylemez.
--
From the fact that this CGI program has been written in Haskell, it
follows naturally that this CGI program is perfectly secure.
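Added example (my own code, not from the thread or from any XEVRON source): the generic exchange pattern the discussion assumes, run once with the trivial counterexample (addition in IN) and once with DH's modular exponentiation over a constructed toy prime, so that the eavesdropper's work is visibly nothing but the inversion step. All secrets and the prime are constructed.

```python
"""Generic two-party exchange over an 'apply secret to public value' operation,
with the eavesdropper modelled as: invert once, then apply. Constructed example."""
from typing import Callable

Apply = Callable[[int, int], int]   # apply a secret k to a public value x
Invert = Callable[[int, int], int]  # recover k from (x, apply(x, k))

def exchange(apply: Apply, g: int, a: int, b: int) -> tuple:
    """Alice publishes A = apply(g, a), Bob publishes B = apply(g, b);
    the shared key is apply(B, a) == apply(A, b) when the operation commutes."""
    A, B = apply(g, a), apply(g, b)
    k_alice, k_bob = apply(B, a), apply(A, b)
    if k_alice != k_bob:
        raise ValueError("operation does not commute; no shared key")
    return A, B, k_alice

def eavesdrop(apply: Apply, invert: Invert, g: int, A: int, B: int) -> int:
    """The eavesdropper only sees public g, A, B; the entire attack is the
    inversion step, so the exchange is exactly as strong as inversion is hard."""
    return apply(B, invert(g, A))

# Counterexample: addition in IN is commutative, associative and not
# idempotent, yet inverting it is a single subtraction.
def add(x: int, k: int) -> int:
    return x + k

def add_invert(g: int, A: int) -> int:
    return A - g

# DH-style operation: exponentiation in the multiplicative group mod P.
P = 1019  # constructed toy prime with 2 as a primitive root; not a real parameter
def modexp(x: int, k: int) -> int:
    return pow(x, k, P)

def modexp_invert(g: int, A: int) -> int:
    """Inversion is now the discrete-log problem: with no algebraic shortcut
    the cost is a search over the group order, here P - 1 = 1018 steps."""
    for k in range(P - 1):
        if pow(g, k, P) == A:
            return k
    raise ValueError("A is not in the subgroup generated by g")

def demo() -> dict:
    a, b = 123456789, 77  # constructed secrets
    A, B, k = exchange(add, 5, a, b)
    A2, B2, k2 = exchange(modexp, 2, a, b)
    return {"add_key": k, "add_recovered": eavesdrop(add, add_invert, 5, A, B),
            "dh_key": k2, "dh_recovered": eavesdrop(modexp, modexp_invert, 2, A2, B2)}
```

With addition the recovery is constant time regardless of how large the secrets are; with exponentiation the same eavesdropper code only succeeds because the toy group has 1018 elements to search.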