Speeding up secure sessions establishment on the internet
Author: 
Yaron SellaAuthors Info & Claims
Yaron SellaAuthors Info & ClaimsPages 433 - 450
Abstract
We propose a method for speeding up secure sessions establishment between clients and servers on the Internet, which is applicable for both RSA and DH. In the case of RSA, the method effectively offloads computational work from a heavily-loaded server to its clients. In the case of DH, the improved performance is obtained at the price of extended certificates. Our method is built upon a scheme called simultaneous multiple exponentiation, and basically splits the work of simultaneous multiple exponentiation between two entities. The challenge is to do so without leaking secret bits of the secret exponent, and still improve the performance. We prove that these two tasks can be achieved simultaneously.
References
[1]
P. Beguin, and J-J. Quisquater. Fast server-aided RSA signatures secure against active attacks. In Proceedings of Crypto 95, pages 57-69, 1995. 435
[2]
M. Bellare, J. Garay, and T. Rabin. Fast batch verification for modular exponentiation and digital signatures. In Proceedings of Eurocrypt 98, pages 236-250, 1998. 448
[3]
M. Bellare, and P. Rogaway. Optimal Assymetric Encryption - How to Encrypt with RSA. In Advances in Cryptology Eurocrypt 94, pages 92-111, 1994. 434, 437
[4]
D. Boneh. The decision Diffie-Hellman problem. In Proceedings of the Third Algorithmic Number Theory Symp., LNCS Vol. 1423, pages 48-63, 1998. 436
[5]
D. Boneh, and H. Shacham. Fast variants of RSA. In RSA Laboratories Crypto-bytes , Volume 5 No. 1, pages 1-8, Winter/Spring 2002. 438
[6]
E. F. Brickell, D. M. Gordon, K. S. McCurley, and D. Wilson. Fast exponentiation with precomputation. In Proceedings of Eurocrypt 92, pages 200-207, 1992. 434
[7]
C. Coup'e, P. Nguyen, and J. Stern. The Effectiveness of Lattice Attacks Against Low-Exponent RSA. In Proceedings of PKC'99, pages 204-218, 1999.
[8]
T. Dierks, and C. Allen. RFC 2246: The TLS Protocol Version 1. January 1999. http://www.ietf.org/rfc/rfc2246.txt 433
[9]
W. Diffie, and M. Hellman. New directions in Cryptography. IEEE Transactions on Information Theory, Volume 22, No. 6, pages 644-654, 1976. 433
[10]
M.R. Garey, and D. S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. Freeman, New York, 1979. 444
[11]
S. Hong, J. Shin, H. Lee-Kwang, and H. Yoon. A new approach to server-aided secret computation. In Proceedings of the 1st International Conference on Information Security and Cryptology - ICISC'98, pages 33-45, 1998. 435
[12]
B. Kaliski, and J. Staddon. RFC 2437: PKCS #1 - RSA Cryptography Specifications Version 2.0. October 1998. http://www.ietf.org/rfc/rfc2437.txt 434
[13]
S. Kent, and R. Atkinson. Security Architecture for the Internet Protocol. RFC2401, http://www.ietf.org/rfc/rfc2401.txt 433
[14]
C.H. Lim, and P. J. Lee. More flexible exponentiation with precomputation. In Proceedings of Crypto 94, pages 95-107, 1994. 434
[15]
C.H. Lim, and P. J. Lee. Security and Performance of server-aided RSA computation protocols. In Proceedings of Crypto 95, pages 70-83, 1995. 435
[16]
T. Matsumoto, H. Imai, C. S. Laih, and S.M. Yen. On verifiable implicit asking protocol for RSA computation. In Proceedings of Auscrypt 92, pages 296-307, 1993. 435
[17]
T. Matsumoto, K. Kato, and H. Imai. Speeding up Secret Computations with Insecure Auxiliary Devices. In Proceedings of Crypto 88, pages 497-506, 1990. 435
[18]
A. J. Menezes, P. C. Van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography, CRC Press, 1997. 433
[19]
J. Merkle. Multi-Round Passive Attacks on Server-Aided RSA Protocols. In Proceedings of CCS '00, pages 102-107, 2000. 435
[20]
B. Möller. Algorithms for Multi-Exponentiation. In Selected Areas in Cryptography (SAC) 2001, LNCS Vol. 2259, pages 165-180, 2001. 449
[21]
National Institute for Standards and Technology. Digital Signature Standard (DSS). Technical Report 169, 1991. 434
[22]
P. Nguyen, and J. Stern. The B'eguin-Quisquater server-aided RSA protocol from Crypto '95 is not secure. In Proceedings of Asiacrypt '98, pages 372-379, 1998. 435
[23]
B. Pfitzmann, and M. Waidner. Attacks on protocols for server-aided RSA computation. In Proceedings of Eurocrypt 92, pages 153-162, 1992. 435
[24]
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communication of the ACM, 21:120-126, 1978. 433
[25]
C.P. Schnorr. Efficient signature generation by smart cards. J. Cryptology 4 (3), pages 161-174, 1991. 434
- Speeding up secure sessions establishment on the internet
Recommendations
Secure group key establishment revisited
We examine the popular proof models for group key establishment of Bresson et al. (LNCS 2248: 290–309, 2001; Proceedings of the 8th ACM conference on computer and communications security (CCS-8), 2001) and point out missing security properties ...
Secure Deniable Authenticated Key Establishment for Internet Protocols
ISA '08: Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)In 2003, Boyd et al. have proposed two deniable authenticated key establishment protocols for Internet Key Exchange (IKE). However, both schemes have been broken by Chou et al. in 2005 due to their susceptibility to key-compromise impersonation (KCI) ...
Strongly secure certificateless short signatures
Highlights We introduce a new efficient and secure short certificateless signature scheme. It is strongly unforgeable. The security is based on the CDH assumption. The proposed scheme is provably secure against a relatively stronger adversary. Short ...
Comments
Information & Contributors
Information
Published In
Sponsors
- Ministry of Information and Communication (MIC)
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 28 November 2002
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 06 Jan 2025