Merkle Puzzles are Optimal
نویسندگان
چکیده
We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol in this model that cannot be broken by an adversary making o(n) queries.
منابع مشابه
Merkle Puzzles Are Optimal - An O(n2)-Query Attack on Any Key Exchange from a Random Oracle
We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89), and answers an open question posed by them. Our bound is optimal up to a constant factor since Merkle (CACM ...
متن کاملMerkle Puzzles are Optimal — an O(n)-query attack on key exchange from a random oracle
We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...
متن کامل3 Ja n 20 08 Merkle Puzzles are Optimal
We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC’ 89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...
متن کاملOptimal trade-off for merkle tree traversal
In this paper we describe optimal trade-offs between time and space complexity of Merkle tree traversals with their associated authentication paths, improving on the previous results of M. Jakobsson, T. Leighton, S. Micali, and M. Szydlo [Fractal Merkle tree representation and traversal, in: RSA Cryptographers Track, RSA Security Conference, 2003] and M. Szydlo [Merkle tree traversal in log spa...
متن کاملMerkle Puzzles in a Quantum World
In 1974, Ralph Merkle proposed the first unclassified scheme for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N , an eavesdropper cannot break into their communication without spending a time proportional to N, which is quadratically more than the legitimate effort. We sh...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008