Angel L. Pérez del Pozo

Fighting pirates 2.0

In this paper we propose methods to cope with the Pirates 2.0 attack strategy against tracing and revoking schemes presented at Eurocrypt 2009. In the Pirates 2.0 attack model traitors collaborate in public and partially share their secret information with a certified guarantee of anonymity. Several classes of tracing and revoking schemes are subject to such a new threat. We focus our attention on the tree-based class of schemes. We start by discussing some simple techniques which can partially help to deal with the attack, and point out their limits. Then, we describe a new hybrid scheme which can be used to face up the Pirates 2.0 attack strategy.

A note on the security of MST3

In this paper, we study the recently proposed encryption scheme MST3, focusing on a concrete instantiation using Suzuki-2-groups. In a passive scenario, we argue that the one wayness of this scheme may not, as claimed, be proven without the assumption that factoring group elements with respect to random covers for a subset of the group is hard. As a result, we conclude that for the proposed Suzuki 2-groups instantiation, impractical key sizes should be used in order to prevent more or less straightforward factorization attacks.

Cryptanalysis of a key exchange scheme based on block matrices

In this paper we describe a cryptanalysis of a key exchange scheme recently proposed by Alvarez, Tortosa, Vicent and Zamora. The scheme is based on exponentiation of block matrices over a finite field of prime order, and its security is claimed to rely in the hardness of a discrete logarithm problem in a subgroup of GL n ( ? p ) . However, the proposals design allows for a clean attack strategy which exploits the fact that exponents are at some point added instead of multiplied as in a standard Diffie-Hellman construction. This strategy is moreover successful for a much more general choice of parameters than that put forward by Alvarez et al.

Toward tracing and revoking schemes secure against collusion and any form of secret information leakage

Tracing and revoking schemes enable a center to deliver protected content to a subset of privileged users of a given universe. The main property these schemes enjoy is that traitors, who illegally help unauthorized users to set up a pirate decoder for gaining access to the protected content, can be identified and removed from the privileged subset. Historically, traitors have been modeled as users who privately share their secret information with unauthorized users. However, in the Pirates 2.0 attack model, traitors collaborate in public and partially share their secret information with a certified guarantee of anonymity. Several classes of tracing and revoking schemes, like tree-based tracing and revoking schemes and code-based tracing schemes, are subject to such a new threat. In this paper we propose methods to cope with the Pirates 2.0 attack. We focus our attention on the class of tree-based schemes. We start by discussing some simple techniques, which can partially help to deal with the attack, and point out their limits. Then, looking through the literature, we recover some ideas, which can be used to strengthen tracing and revoking schemes. We also analyze the trade-off which can be obtained by applying these ideas to the schemes. Finally, we describe new hybrid schemes, obtained by mixing previous constructions, which can be used to face up the Pirates 2.0 attack.

An Efficient and Reliable Two-Level Lightweight Authentication Protocol

In this paper we propose a new lightweight authentication protocol. It is a two-level protocol which supports unbounded message transmission. It is suitable for several settings, from the standard sender-receiver setting to unreliable broadcast and multicast communication in networks with resource-constrained devices. The key ideas underlying our design are the use of the Guy Fawkes signatures, the hash-chaining method, and some techniques used in MAC-based authentication protocols for multicast communication. To our knowledge, our protocol is the first one that solves the unbounded number of message transmission issue in unreliable settings. It does not lose efficiency and introduces only a constant-size overhead in message transmission compared to solutions for a bounded number of message transmissions.

Group key exchange protocols withstanding ephemeral-key reveals

When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets: long-term keys (for authentication) and freshly generated (often random) values. The leakage of this latter so-called ephemeral keys has been extensively analysed in the 2-party case, yet very few works are concerned with it in the group setting. The authors provide a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Their design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al., the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property.