论文信息 - Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME

Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME

In some circumstances the use of the Diffie-Hellman key agreement scheme in a prime order subgroup of a large prime p is vulnerable to certain attacks known as "small-subgroup" attacks. Methods exist, however, to prevent these attacks. This document will describe the situations relevant to implementations of S/MIME version 3 in which protection is necessary and the methods that can be used to prevent these attacks.

Robert J. Zuccherato | R. Zuccherato

[1] Eric Rescorla,et al. Diffie-Hellman Key Agreement Method , 1999, RFC.

[2] B. S. Kaliski. Compatible cofactor multiplication for Diffie-Hellman primitives , 1998 .

[3] Blake Ramsdell,et al. S/MIME Version 3 Message Specification , 1999, RFC.

[4] Chae Hoon Lim,et al. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp , 1997, CRYPTO.

[5] Martin E. Hellman,et al. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[6] R. Housley. Cryptographic Message Syntax , 1999, RFC.

[7] Paul C. van Oorschot,et al. Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[8] Warwick Ford,et al. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 1999, RFC.

[9] Stephen C. Pohlig,et al. An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 2022, IEEE Trans. Inf. Theory.