This may be of use:
http://citeseer.nj.nec.com/anderson96minding.html
"Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signature and Diffie Hellman key exchange. These attacks depend on causing variables to assume values whose discrete logarithms can be calculated, whether by forcing a protocol exchange into a smooth subgroup or by choosing degenerate values directly. We survey these attacks and discuss how to build systems that are robust against..."
@inproceedings{ anderson96minding,
author = "Anderson and Vaudenay",
title = "Minding Your p's and q's",
booktitle = "{ASIACRYPT}: Advances in Cryptology -- {ASIACRYPT}: International Conference on the Theory and Application of Cryptology",
publisher = "LNCS, Springer-Verlag",
year = "1996",
url = "citeseer.nj.nec.com/anderson96minding.html" }
Cheers,
-J
On Wednesday, Jan 1, 2003, at 13:53 US/Eastern, Adam Shostack wrote:
I'm looking for a list of common implementation flaws in DH. Things
like: How to check the key the other side sends, what are acceptable
values for p, etc?
Any pointers?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
