Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt

Tom Taylor <tom.taylor.stds@gmail.com> Mon, 02 December 2013 01:05 UTC

Message-ID: <529BDCD0.4040503@gmail.com>
Date: Sun, 01 Dec 2013 20:05:20 -0500
From: Tom Taylor <tom.taylor.stds@gmail.com>
To: ipv6@ietf.org
Subject: Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt
References: <005601ceec99$ed4cfc40$c7e6f4c0$@rozanak.com> <C91E67751B1EFF41B857DE2FE1F68ABA2FBC395D@tk5ex14mbxc272.redmond.corp.microsoft.com> <000001ceecd4$a69b4aa0$f3d1dfe0$@rozanak.com> <529845A5.5060807@it.uc3m.es> <001101ceeedf$da768080$8f638180$@rozanak.com>
In-Reply-To: <001101ceeedf$da768080$8f638180$@rozanak.com>

On 01/12/2013 4:53 PM, Hosnieh Rafiee wrote:
>> El 29/11/13 08:28, Hosnieh Rafiee escribió:
>>>
>>>
>>> In CGA, we have a hash function or, like the above example, we have a
>>> hash password. What is important for us is only to find another message
>>> that leads to the same hash. This is where the birthday paradox applies.
>>> So, in CGA, the attacker really does not care what the content of
>>> your message is, it cares about the hash value. He only wants to have
>>> another message (or in the birthday paradox to have another person with
>>> the same birthday that matches yours) to match yours.
>>>
>>
>> sigh, no.
>>
>> the birthday paradox applies when you want to find two values that match
>> each other and NOT when you have a target and you want to find a hash
>> output that matches the target of your attack.
>>
>> In other words, the birthday paradox is not about finding another person
>> that has the same birthday as you but about finding two persons that
>> happen to have the same birthday.
>>
>> This is a critical distinction when you want to use this for an attack,
>> as you cannot rely on this to attack a specific target, you can only use
>> it for finding two random values that clash.
>
>
> A birthday attack is still possible with the following approach. Check this
> nice article.
> http://eprint.iacr.org/2003/065.pdf
>
...

This paper is still about collisions between xi and xj where the two 
points are at random locations in a sequence of length q. It does not 
put a new bound on the number of trials needed to find a collision 
between an initially selected x1 and some other randomly selected point 
in a sequence of length q, and that is the problem at hand. Amazing that 
you cannot see the difference!

Tom Taylor
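The distinction argued in this thread (a collision between any two random points x_i, x_j versus a match against one fixed x1) can be measured directly. The following Python experiment is added here as an illustration and is not part of the thread or of any CGA implementation; it assumes a toy 16-bit truncation of SHA-256 as the hash (so the runs finish in seconds), fixed seeds, and a constructed target message.

```python
import hashlib
import random
import statistics

HASH_BITS = 16          # toy hash width (assumption) so the experiment runs in seconds
SPACE = 1 << HASH_BITS  # number of possible hash values, N


def toy_hash(msg: bytes) -> int:
    """SHA-256 truncated to HASH_BITS bits: a stand-in for any short hash output."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - HASH_BITS)


def trials_until_any_collision(seed: int) -> int:
    """Birthday setting: draw fresh random inputs until ANY two of them (x_i, x_j) hash alike."""
    rng = random.Random(seed)
    seen = set()
    q = 0
    while True:
        q += 1
        h = toy_hash(rng.getrandbits(64).to_bytes(8, "big"))
        if h in seen:
            return q
        seen.add(h)


def trials_until_target_match(target_msg: bytes, seed: int) -> int:
    """Targeted setting: draw fresh random inputs until one hashes to a FIXED x1's value."""
    rng = random.Random(seed)
    target = toy_hash(target_msg)
    q = 0
    while True:
        q += 1
        if toy_hash(rng.getrandbits(64).to_bytes(8, "big")) == target:
            return q


def compare(runs: int = 10) -> dict:
    """Average trial counts over `runs` seeded experiments, next to the textbook estimates."""
    birthday = [trials_until_any_collision(seed) for seed in range(runs)]
    # constructed target message standing in for a victim's fixed hash input
    targeted = [trials_until_target_match(b"fixed x1 (constructed)", seed) for seed in range(runs)]
    return {
        "birthday_mean": statistics.mean(birthday),
        "birthday_expected": (3.14159265 * SPACE / 2) ** 0.5,  # about sqrt(pi*N/2)
        "targeted_mean": statistics.mean(targeted),
        "targeted_expected": float(SPACE),                    # about N
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:>18}: {value:10.1f}")
```

With N = 2^16 the birthday search settles near a few hundred trials while the search against a fixed x1 needs on the order of N, which is why a bound on the former says nothing about the latter.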