Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME
Abstract:
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice: Copyright (C) The Internet Society (2000). All Rights Reserved.

In some circumstances the use of the Diffie-Hellman key agreement scheme in a prime order subgroup of a large prime p is vulnerable to certain attacks known as "small-subgroup" attacks. Methods exist, however, to prevent these attacks. This document describes the situations relevant to implementations of S/MIME version 3 in which protection is necessary and the methods that can be used to prevent these attacks.
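The defence the abstract alludes to is public-key validation: before using a peer's Diffie-Hellman value y, confirm it actually lies in the prime-order-q subgroup of Z_p^*, so that the shared secret y^x cannot be confined to a handful of values. The following Python is an added example written for this page; it is not code from RFC 2785 or from any S/MIME implementation. The parameters p = 23, q = 11, g = 2 are constructed toy values chosen so the arithmetic can be checked by hand, and the function names are the example's own.

```python
# Added example (not from RFC 2785 or this page): Diffie-Hellman public-key
# validation for a prime-order subgroup, plus a brute-force order function that
# makes visible why an unvalidated value is dangerous.
# Toy parameters: p = 2*q + 1 with q = 11, and g = 2 has order 11 modulo 23.

P, Q, G = 23, 11, 2


def is_in_prime_order_subgroup(y: int, p: int, q: int) -> bool:
    """Return True iff y is an acceptable public value in the order-q subgroup of Z_p^*.

    Two checks:
      1. range: 1 < y < p - 1 rejects 0, 1 and p - 1 (the elements of order 1 or 2);
      2. order: y^q mod p == 1 holds exactly for the elements of the order-q subgroup
         (q prime), so any element of a small cofactor subgroup fails here.
    """
    if not (1 < y < p - 1):
        return False
    return pow(y, q, p) == 1


def multiplicative_order(y: int, p: int) -> int:
    """Brute-force multiplicative order of y modulo prime p (toy sizes only).

    The order equals the number of distinct values y^x mod p can take over all
    private exponents x, i.e. how many possible shared secrets an honest party
    can derive from y.  A small-subgroup value makes that number tiny.
    """
    if y % p == 0:
        raise ValueError("y must be nonzero mod p")
    k, acc = 1, y % p
    while acc != 1:
        acc = (acc * y) % p
        k += 1
    return k


def derive_shared_secret(peer_public: int, own_private: int, p: int, q: int) -> int:
    """Key-agreement step that refuses peer values outside the order-q subgroup."""
    if not is_in_prime_order_subgroup(peer_public, p, q):
        raise ValueError("peer public value rejected: not in the order-q subgroup")
    return pow(peer_public, own_private, p)


if __name__ == "__main__":
    honest_public = pow(G, 5, P)   # 2^5 mod 23 = 9, a genuine subgroup element
    print(is_in_prime_order_subgroup(honest_public, P, Q))   # True
    print(multiplicative_order(honest_public, P))            # 11 possible secrets
    print(is_in_prime_order_subgroup(P - 1, P, Q))           # False: order 2
    print(multiplicative_order(P - 1, P))                    # 2 possible secrets
    print(is_in_prime_order_subgroup(5, P, Q))               # False: order 22, outside subgroup
    print(derive_shared_secret(honest_public, 7, P, Q))      # 9^7 mod 23 = 4
```

The range check alone is not sufficient: it catches p - 1 but not elements of other cofactor subgroups when the cofactor j = (p - 1)/q is larger than 2, which is why the exponentiation y^q mod p is the decisive test. RFC 2785 also discusses an alternative that folds the cofactor into the exponentiation instead of running an explicit check; the explicit check is shown here because it is the easier one to audit.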
Citations

| Count | Reference |
|---|---|
| 202 | Authentication and authenticated key exchanges – Diffie, Oorschot, et al. - 1992 |
| 200 | An improved algorithm for computing logarithms over GF(p) and its cryptographic significance – Pohlig, Hellman - 1978 |
| 55 | An efficient protocol for authenticated key agreement – Law, Menezes, et al. - 1998 |
| 50 | Cryptographic Message Syntax – Housley |
| 42 | S/MIME Version 3 Message Specification, RFC 2633 – Ramsdell - 1999 |
| 24 | Diffie-Hellman Key Agreement Method, RFC 2631 – Rescorla, E. - 1999 |
| 1 | Compatible cofactor multiplication for Diffie-Hellman primitives – Kaliski - 1998 |
| 1 | RFC 2527 – Chokhani, Ford - 1999 |

Source document: Zuccherato, RFC 2785, Methods for Avoiding "Small-Subgroup" Attacks, Informational, March 2000.

