[Cryptography] State of sin (was Re: What to put in a new cryptography course)

Thierry Moreau thierry.moreau at connotech.com
Mon Jul 11 18:38:44 EDT 2016


On 11/07/16 06:11 PM, Arnold Reinhold wrote:
>
> The lack of mathematical proofs for the security of cryptographic primitives is a reality with which the cryptographic community is perhaps too comfortable. [...]
>
> A recent example of this is the Logjam attack for which there was no new mathematics developed, merely a realization that most of the work needed in the best attack on D-H in the group of integers modulo a prime p was only dependent on p, not on the group element whose logarithm was to be computed. Since many protocols use the same p for all D-H encryption, attacks became more feasible than previously thought. The assertion "D-H is hard" omitted that bit of fine print. What other overlooked technicalities are out there behind statements that "X is assumed to be hard"?
>

Ah ah! You might need a different example, or a different explanation:

A prudent recommendation in section 5.2 of the original 
Station-To-Station Protocol publication ([1]) anticipated the very 
root cause of the Logjam major vulnerability.

[1] Whitfield Diffie, Paul C. Van Oorschot, and Michael J. Wiener 
"Authentication and Authenticated Key Exchanges", in Designs, Codes and 
Cryptography, 2, 107-125 (1992) (received by editor Nov. 22, 1991 and 
revised Mar. 6, 1992), available as Appendix B to US patent 5,724,425.

Hence the "realization" was not new.

Maybe the cryptographic community has to listen more carefully to these 
theoretical contributions that are being relied upon in deployed crypto 
schemes.

- Thierry

> Arnold Reinhold
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
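The point Arnold raises about Logjam, that the expensive part of the discrete-log attack depends only on the prime p and not on the session value, can be made concrete with a toy. The following Python is an added example, not code from this thread or from the Logjam authors: it uses baby-step giant-step on a small constructed group (p = 65537, g = 3) in place of the number-field sieve used against real 512-bit groups, but the cost split is the same in shape. The giant-step table is computed once per (p, g) and then every session that reused that group costs only a short baby-step walk. The defensive reading is the one the original STS paper already gave: a precomputation that amortises over all users of a shared group is exactly why the group must be large enough (or per-deployment) that the one-off work is not worth paying.

```python
"""Toy illustration of the Logjam cost split for discrete logs modulo a prime.

Added example (not from the mailing-list thread). Baby-step giant-step stands in
for the index-calculus / number-field-sieve precomputation of the real attack;
the parameters below are constructed toy values, not deployed ones.
"""
import math
import secrets

# Constructed toy group: p is prime with p - 1 = 2**16, and 3 is a primitive root.
P = 65537
G = 3


def precompute_group_table(p, g):
    """Group-dependent work: the giant steps g^(m*j) mod p for j in [0, m).

    Nothing here depends on a session's public value, so a party who targets a
    shared group does this once and reuses the table for every session.
    Returns (m, table) where table maps g^(m*j) -> j.
    """
    m = math.isqrt(p - 1) + 1          # ceil(sqrt(order)), so m*m > p - 1
    gm = pow(g, m, p)
    table = {}
    acc = 1                            # acc == g^(m*j) mod p at step j
    for j in range(m):
        table.setdefault(acc, j)
        acc = acc * gm % p
    return m, table


def solve_dlog(p, g, y, m, table):
    """Per-session work: walk y * g^(-i) for i in [0, m) until it hits the table.

    A hit at (j, i) means y * g^(-i) == g^(m*j), i.e. y == g^(m*j + i).
    Returns x with g^x == y (mod p).
    """
    g_inv = pow(g, -1, p)              # modular inverse (Python 3.8+)
    cur = y % p
    for i in range(m):
        if cur in table:
            return (table[cur] * m + i) % (p - 1)
        cur = cur * g_inv % p
    raise ValueError("no logarithm found: y is not in the group generated by g")


def break_sessions(p, g, public_values):
    """Recover the exponent behind each public value in a list of sessions that
    all share (p, g). The table is built exactly once; only the cheap
    per-session walk is repeated, which is the Logjam observation."""
    m, table = precompute_group_table(p, g)
    return [solve_dlog(p, g, y, m, table) for y in public_values]


if __name__ == "__main__":
    # Constructed sessions: several honest parties pick secrets in the same group.
    secrets_x = [secrets.randbelow(P - 1) for _ in range(5)]
    publics = [pow(G, x, P) for x in secrets_x]
    recovered = break_sessions(P, G, publics)
    m, _ = precompute_group_table(P, G)
    print(f"one-off table of {m} entries for (p, g); at most {m} steps per session")
    print("recovered all secrets:", recovered == secrets_x)
```

Changing p (a fresh group per deployment, or a group large enough that the table is infeasible) forces the one-off work to be repaid, which is the mitigation Logjam's authors recommended and which section 5.2 of the STS paper already anticipated.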
