Per-Key Generators #318

Open
bellebaum opened this issue Mar 19, 2024 · 0 comments
@bellebaum

There is a possibility that one day a dedicated entity will find a nontrivial relationship in the generators used for a particular parameter set. This is about as hard as computing a discrete logarithm (about 128 bits of security), as has been proven before, thus we take this impossibility for granted. What worries me is this:

Once one or a few such nontrivial relationships are found, they might translate not into an attack on one particular key pair, but into an attack on all key pairs using the same api_id, which severely increases the reward for anyone attempting such an attack.

One simple fix would be to hash the public key into the initial value of v (maybe even into all of them), which would however make caching of generators more expensive and less useful. What do you think about this potential threat? Is it worth it to incorporate measures against it?
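
An added sketch of the trade-off raised above (not part of the original post and not the project's code): it derives the chain of `v` values with and without the public key bound into the initial value, and counts how many derivation chains a verifier's cache must hold. Assumptions: SHAKE-256 via RFC 9380 `expand_message_xof` as the expander, constructed seed labels and `api_id`, constructed 96-byte stand-ins for public keys, and the final hash-to-curve step omitted.

```python
import hashlib

EXPAND_LEN = 48  # bytes of output per step (assumed for this sketch)

def expand_message_xof(msg: bytes, dst: bytes, length: int) -> bytes:
    """RFC 9380 expand_message_xof over SHAKE-256 (DST of at most 255 bytes)."""
    data = msg + length.to_bytes(2, "big") + dst + bytes([len(dst)])
    return hashlib.shake_256(data).digest(length)

def generator_seeds(api_id: bytes, count: int, public_key: bytes = b"") -> list:
    """Chain of v values; a real implementation would hash each one to a curve
    point. A non-empty public_key is bound into the initial v (the proposed fix)."""
    seed_dst = api_id + b"GENERATOR_SEED_"        # label constructed for this sketch
    initial = api_id + b"GENERATOR_SEED_INPUT"    # label constructed for this sketch
    if public_key:
        initial += len(public_key).to_bytes(8, "big") + public_key
    v = expand_message_xof(initial, seed_dst, EXPAND_LEN)
    seeds = []
    for n in range(1, count + 1):
        v = expand_message_xof(v + n.to_bytes(8, "big"), seed_dst, EXPAND_LEN)
        seeds.append(v)
    return seeds

class GeneratorCache:
    """Counts how many derivation chains a verifier has to compute and keep."""
    def __init__(self, per_key: bool):
        self.per_key = per_key
        self.store = {}
        self.derivations = 0

    def get(self, api_id: bytes, public_key: bytes, count: int) -> list:
        # Shared mode ignores the key, so every signer maps to one cache entry.
        key = (api_id, public_key if self.per_key else b"")
        if len(self.store.get(key, [])) < count:
            self.derivations += 1
            self.store[key] = generator_seeds(api_id, count, key[1])
        return self.store[key][:count]

def compare(api_id: bytes, public_keys: list, count: int) -> dict:
    """Derivation counts for shared versus per-key generators over the same keys."""
    shared, bound = GeneratorCache(False), GeneratorCache(True)
    for pk in public_keys:
        shared.get(api_id, pk, count)
        bound.get(api_id, pk, count)
    return {"shared": shared.derivations, "per_key": bound.derivations}

if __name__ == "__main__":
    keys = [bytes([i]) * 96 for i in range(1, 4)]  # constructed stand-ins for public keys
    print(compare(b"EXAMPLE_API_ID_", keys, 10))
```

With shared generators the cache cost is constant in the number of signers; with per-key generators it grows linearly, which is the caching cost the issue mentions.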
