Implementation guides for DH?
Jeroen C. van Gelderen
jeroen at vangelderen.org
Wed Jan 1 21:43:14 EST 2003
Adam,
This may be of use:
http://citeseer.nj.nec.com/anderson96minding.html
"Over the last year or two, a large number of attacks have been found
by the authors and others on protocols based on the discrete logarithm
problem, such as ElGamal signature and Diffie Hellman key exchange.
These attacks depend on causing variables to assume values whose
discrete logarithms can be calculated, whether by forcing a protocol
exchange into a smooth subgroup or by choosing degenerate values
directly. We survey these attacks and discuss how to build systems that
are robust against..."
@inproceedings{ anderson96minding,
author = "Anderson and Vaudenay",
title = "Minding Your p's and q's",
booktitle = "{ASIACRYPT}: Advances in Cryptology -- {ASIACRYPT}:
International Conference on the Theory and Application of Cryptology",
publisher = "LNCS, Springer-Verlag",
year = "1996",
url = "citeseer.nj.nec.com/anderson96minding.html" }
Cheers,
-J
On Wednesday, Jan 1, 2003, at 13:53 US/Eastern, Adam Shostack wrote:
> I'm looking for a list of common implementation flaws in DH. Things
> like: How to check the key the other side sends, what are acceptable
> values for p, etc?
>
> Any pointers?
>
> Adam
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list