Some active attacks on fast server-aided secret computation protocols for modular exponentiation
Four server-aided secret computation protocols, Protocols 1, 2, 3, and 4, for modular exponentiation were proposed by Kawamura and Shimbo in 1993. By these protocols, the client can easily compute the modular exponentiation Md mod N with the help of a powerful server, where N is the product of two large primes. To enhance the security, the client was suggested to use a verification scheme and a slight modification on each proposed protocol. In this paper, we propose two new active attacks to break Protocols 3 and 4, respectively. Even if Protocols 3 and 4 have included the slight modification and verification, the untrusted server can still obtain the secret data d. The client cannot detect these attacks by the proposed verification. To adopt these new attacks, the difficulty of finding the value of the secret data d will be decreased drastically.
Keywordsserver-aided secret computation protocol active attack cryptography modular exponentiation
Unable to display preview. Download preview PDF.
- 1.Kawamura, S. and Shimbo, A. (1993): “Fast Sever-Aided Secret Computation Protocols for Modular Exponentiation,” IEEE Journal on Selected Areas in Communications, Vol. 11, No. 5, 1993, pp. 778–784.Google Scholar
- 2.Knuth, D. E. (1981): “The Art of Computer Programming Vol 2: Seminumerical Algorithms,” 2nd Ed., Addition-Wesley, Reading, MA, 1981, pp. 451.Google Scholar
- 3.Laih, C. S. and Yen, S. M. (1992): “Secure Addition Sequence and Its Application on the Server Aided Secret Computation Protocols,” AUSCRYPT '92, Gold Coast, Australia, Dec. 1992, pp. 6.1–6.7.Google Scholar
- 4.Laih, C. S., Yen, S. M. and Harn, L. (1991): “Two Efficient Server-Aided Secret Computation Protocols based on the Addition Sequence,” ASIACRYPT '91, Fuijyoshida, Japan, Nov. 1991, pp. 270–274.Google Scholar
- 5.Matsumoto, T., Kato, K. and Imai, H. (1988): “Speed up Secret Computations with Insecure Auxiliary Devices,” Advances in Crytpology-CRYPTO '88, Springer Verlag, New York, 1990, pp. 497–506.Google Scholar
- 6.Pfitzmann, B. and Waidner, M. (1992): “Attacks on Protocols for Server-Aided RSA Computation,” EUROCRYPT '92, Balatonfured, Hugary, 1992, pp. 139–146.Google Scholar
- 7.Quisquater, J.-J., and Soete, M. De (1989): “Speeding up Smart Card RSA Computation with Insecure Coprocessors,” Proc. SMART CARD 2000, Amsterdam, North-Holland, Oct. 1989, pp. 191–197.Google Scholar
- 8.Rivest, R. L., Shamir, A. and Adleman, L. (1978): “A Method for Obtaining Digital Signatures and Public Key Cryptosystems,” Communications of ACM, Vol. 21, No. 2, 1978, pp. 120–126.Google Scholar
- 9.Shimbo, A. and Kawamura, S. (1990): “A Factorization Attack on Certain Server-aided Computation Protocols fro RSA Secret Transformation,” Electronic Letters, Vol. 26, No. 17, 1990, pp. 1387–1388.Google Scholar
- 10.Yao, A. C. (1976): “On the Evaluation of Powers,” SIAM J. Comput., Vol. 5, No. 1, 1976, pp. 100–103.Google Scholar