On Small Subgroup Non-confinement Attack

Newcastle University author(s): Professor Feng Hao


Full text for this publication is not currently held within this repository.


Abstract

The small subgroup confinement attack works by confining cryptographic operations within a small subgroup, in which exhaustive search is feasible. This attack is overt and hence can be easily thwarted by adding a public key validation: verifying that the received group element has the proper order. In this paper, we present a different aspect of the small subgroup attack. Sometimes, the fact that an operation does not fall into the small subgroup confinement may provide an oracle to an attacker, leaking partial information about the long-term secrets. This attack is subtle and reflects a structural weakness of a protocol; the question of whether the protocol has a public key validation is completely irrelevant. As a concrete example, we show how this attack works on the Secure Remote Password (SRP-6) protocol.
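The confinement attack and the order-validation check that the abstract contrasts, as an added worked example in Python (example code, not code from the paper and not an SRP implementation). It uses constructed toy parameters: a prime p = 4243 with p - 1 = 2 * 3 * 7 * 101, so the intended subgroup has order q = 101 and the cofactor supplies small subgroups of order 2, 3 and 7. The attacker sends an element of each small order as its "public key"; the honest responder raises it to its secret exponent b and returns a key-confirmation tag, which depends only on b modulo that small order, so a handful of guesses recovers b mod 2, 3 and 7 and the Chinese remainder theorem combines them into b mod 42. The validation function rejects every such element. The names, the transcript format and the HMAC confirmation step are assumptions for illustration. The non-confinement oracle against SRP-6 that the paper presents is not reproduced here; the paper's point is precisely that the check shown below does not address it.

```python
"""Small subgroup confinement attack on a toy Diffie-Hellman group, and the
public-key validation that stops it. Added example; parameters are constructed
and far too small to be secure."""
import hashlib
import hmac
import random

# Constructed toy parameters: P is prime and P - 1 = 2 * 3 * 7 * Q, so Z_P^*
# contains subgroups of order 2, 3 and 7 beside the intended order-Q subgroup.
P = 4243
Q = 101
SMALL_PRIMES = (2, 3, 7)  # prime factors of the cofactor (P - 1) // Q


def element_of_order(r):
    """Return some element of exact order r in Z_P^* (r a prime dividing P - 1)."""
    assert (P - 1) % r == 0
    for h in range(2, P):
        y = pow(h, (P - 1) // r, P)   # order divides r; r prime, so y != 1 means order r
        if y != 1:
            return y
    raise ValueError("no element of that order found")


G = element_of_order(Q)   # honest generator of the order-Q subgroup


def validate_public_key(y):
    """Public key validation from the abstract: accept only elements of order Q."""
    return 1 < y < P and pow(y, Q, P) == 1


def confirm(key, transcript):
    """Key-confirmation tag over the transcript under the derived key (assumed format)."""
    return hmac.new(key.to_bytes(2, "big"), transcript, hashlib.sha256).digest()


def responder(y_peer, b, validate):
    """Honest party: derives K = y_peer^b and returns its confirmation tag, or None
    when validation is enabled and rejects the peer's value."""
    if validate and not validate_public_key(y_peer):
        return None
    k = pow(y_peer, b, P)
    return confirm(k, y_peer.to_bytes(2, "big"))


def confinement_attack(b, validate=False):
    """Attacker sends an element of small order r; the tag then depends only on
    b mod r, so at most r guesses reveal it. Returns {r: b mod r} or None if
    the responder's validation stopped the attack."""
    residues = {}
    for r in SMALL_PRIMES:
        y = element_of_order(r)
        tag = responder(y, b, validate)
        if tag is None:
            return None
        for guess in range(r):
            candidate = confirm(pow(y, guess, P), y.to_bytes(2, "big"))
            if hmac.compare_digest(candidate, tag):
                residues[r] = guess
                break
    return residues


def crt(residues):
    """Combine b mod r for pairwise coprime r into (b mod M, M) with M = product of r."""
    m, x = 1, 0
    for r, a in residues.items():
        t = ((a - x) * pow(m, -1, r)) % r   # x + m*t is congruent to a mod r
        x += m * t
        m *= r
    return x % m, m


if __name__ == "__main__":
    b = random.randrange(1, Q)   # responder's secret exponent
    residues = confinement_attack(b)
    recovered, modulus = crt(residues)
    print(f"secret b = {b}; attacker learned b mod {modulus} = {recovered}")
    assert recovered == b % modulus
    print("with validation:", confinement_attack(b, validate=True))  # None
```

The attack leaks b mod 42 out of an exponent range of size 101, which is what "partial information" means here; with a larger cofactor the leak grows accordingly. The check in `validate_public_key` is the overt defence the abstract describes, and it is exactly the defence that the paper's non-confinement attack on SRP-6 sidesteps, because that attack does not depend on the attacker's value being confined in the first place.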

Publication metadata

Author(s): Hao F

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 10th IEEE International Conference on Computer and Information Technology

Year of Conference: 2010

Pages: 1022-1025

Publisher: IEEE


DOI: 10.1109/CIT.2010.187


ISBN: 9780769541082