Title: On reusing ephemeral keys in Diffie-Hellman key agreement protocols

Authors: Alfred Menezes, Berkant Ustaoglu

Addresses: Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada; Okamoto Research Laboratory, NTT Information Sharing Platform Laboratories, 3-9-11, Midori-cho Musashino-shi, Tokyo 180-8585, Japan

Abstract: A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol in order to reduce its computational workload or to mitigate denial-of-service attacks. In this note, we show that small-subgroup attacks can be successfully launched on some Diffie-Hellman protocols that reuse ephemeral keys if domain parameters are not appropriately selected or if public keys are not appropriately validated.
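The attack the abstract describes, as an added worked example (this is not the paper's code or a protocol from the paper): a responder reuses one ephemeral key pair y, Y = g^y across sessions and, in each session, returns a key-confirmation tag derived from the shared value K = X^y. The group, the `Responder` class, the `confirm_tag` oracle and the toy parameter sizes are all assumptions made here for illustration. The attacker sends X of small prime order r, so K depends only on y mod r and the tag reveals that residue after at most r guesses; collecting residues for enough small-order subgroups and combining them with the CRT recovers y. The same code shows the fix named in the abstract: validating that X lies in the order-q subgroup (2 <= X <= p-2 and X^q = 1 mod p) rejects every probe.

```python
"""Toy small-subgroup attack on a DH responder that reuses its ephemeral
key without validating peer public keys.  Added example, not the paper's
code; parameters and the key-confirmation oracle are constructed here."""
import hashlib
import hmac
import random
from functools import reduce

SMALL_PRIMES = [2, 3, 5, 7, 11, 13]          # cofactor h = product = 30030


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def make_params(rng):
    """Deliberately weak parameters: p = h*q + 1 with h = prod(SMALL_PRIMES)
    and q prime, q < h, so small-order subgroups sit next to the order-q one."""
    h = reduce(lambda a, b: a * b, SMALL_PRIMES)
    while True:
        q = rng.randrange(20000, h)
        if is_prime(q) and is_prime(h * q + 1):
            p = h * q + 1
            break
    g = next(x for x in (pow(a, h, p) for a in range(2, p)) if x != 1)  # order q
    return p, q, h, g


def element_of_order(p, order):
    """An element of Z_p^* of exactly the given prime order dividing p-1."""
    for a in range(2, p):
        x = pow(a, (p - 1) // order, p)
        if x != 1:
            return x


def confirm_tag(K):
    """Hypothetical key-confirmation tag: the attacker's oracle on K."""
    k = hashlib.sha256(K.to_bytes(8, "big")).digest()
    return hmac.new(k, b"confirm", hashlib.sha256).digest()


class Responder:
    """Reuses one ephemeral key pair across sessions; 'validate' toggles
    public-key validation of the peer's value X."""
    def __init__(self, p, q, g, rng, validate):
        self.p, self.q, self.g, self.validate = p, q, g, validate
        self.y = rng.randrange(1, q)              # reused ephemeral private key
        self.Y = pow(g, self.y, p)

    def respond(self, X):
        """Return (Y, tag) for peer value X, or None if validation rejects X."""
        if self.validate and not (1 < X < self.p - 1 and pow(X, self.q, self.p) == 1):
            return None
        return self.Y, confirm_tag(pow(X, self.y, self.p))


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli."""
    M = reduce(lambda a, b: a * b, moduli)
    return sum(r * (M // m) * pow(M // m, -1, m) for r, m in zip(residues, moduli)) % M


def recover_private_key(p, responder):
    """One session per small-order subgroup; None if a probe is rejected."""
    residues = []
    for r in SMALL_PRIMES:
        X = element_of_order(p, r)                # X^y depends only on y mod r
        result = responder.respond(X)
        if result is None:
            return None
        _, tag = result
        for c in range(r):                        # at most r guesses per subgroup
            if hmac.compare_digest(confirm_tag(pow(X, c, p)), tag):
                residues.append(c)
                break
    return crt(residues, SMALL_PRIMES)            # equals y since y < q < h


def demo(seed=7):
    rng = random.Random(seed)
    p, q, h, g = make_params(rng)
    careless = Responder(p, q, g, rng, validate=False)
    recovered = recover_private_key(p, careless) == careless.y
    careful = Responder(p, q, g, rng, validate=True)
    blocked = recover_private_key(p, careful) is None
    return recovered, blocked


if __name__ == "__main__":
    print("key recovered without validation: %s, probes blocked with validation: %s" % demo())
```

Six sessions suffice here because the product of the small subgroup orders exceeds q, so the CRT value is y itself; with a fresh ephemeral key per session each probe would leak a residue of a different y and nothing would combine. Choosing p as a safe prime (p = 2q + 1) leaves only the order-2 subgroup, which the `X^q = 1` check also rejects.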

Keywords: key agreement protocols; Diffie-Hellman; ephemeral public keys; cryptography; computational workload; denial-of-service attacks; ephemeral key reuse; domain parameter selection; public key validation.

DOI: 10.1504/IJACT.2010.038308

International Journal of Applied Cryptography, 2010 Vol.2 No.2, pp.154 - 158

Available online: 28 Jan 2011
