论文信息 - The problem of popular primes: Logjam

The problem of popular primes: Logjam

This paper will discuss the Logjam attack on TLS. The Logjam attack allows, under certain conditions, to defeat the security provided by TLS. This is done by manipulating server and client into using weak and deprecated export grade crypto, and subsequently breaking the Diffie-Hellman key exchange. We explore how the attack works conceptually and how exactly TLS is vulnerable to this attack. Also, the conditions under which the attack can be mounted are discussed, and an estimate of the impact of the attack is presented. Lastly, several mitigations are presented.

Wouter Bokslag | Wouter Bokslag

[1] Antoine Joux,et al. A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic , 2014, EUROCRYPT.

[2] Kenneth G. Paterson,et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.

[3] Alfredo Pironti,et al. A Messy State of the Union: Taming the Composite State Machines of TLS , 2015, 2015 IEEE Symposium on Security and Privacy.

[4] Eric Rescorla,et al. The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[5] Stephen C. Pohlig,et al. An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 2022, IEEE Trans. Inf. Theory.

[6] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[7] Matthew Green,et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[8] Oliver Schirokauer. The impact of the number field sieve on the discrete logarithm problem in finite fields , 2008 .

[9] Carl Pomerance,et al. A Tale of Two Sieves , 1998 .

[10] Wang Hong. Polynomial Selection in the Number Field Sieve , 2003 .

[11] Bodo Möller,et al. Transport Layer Security (TLS) False Start , 2016, RFC.

[12] Tim Dierks,et al. The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .