Merkle Puzzles Are Optimal — An O(n2)-Query Attack on Any Key Exchange from a Random Oracle

  • Boaz Barak
  • Mohammad Mahmoody-Ghidary
Conference paper

DOI: 10.1007/978-3-642-03356-8_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5677)
Cite this paper as:
Barak B., Mahmoody-Ghidary M. (2009) Merkle Puzzles Are Optimal — An O(n2)-Query Attack on Any Key Exchange from a Random Oracle. In: Halevi S. (eds) Advances in Cryptology - CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg

Abstract

We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n2) queries to the oracle. This improves on the previous \(\Tilde{\Omega}(n^6)\) query attack given by Impagliazzo and Rudich (STOC ’89), and answers an open question posed by them. Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave a key exchange protocol that can easily be implemented in this model with n queries and cannot be broken by an adversary making o(n2) queries.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Boaz Barak
    • 1
  • Mohammad Mahmoody-Ghidary
    • 1
  1. 1.Department of Computer SciencePrinceton UniversityUSA

Personalised recommendations