Abstract
The Miller-Rabin pseudo-primality test is widely used in cryptographic libraries because of its apparent simplicity. But the test is not always correctly implemented. For example, the pseudo-primality test in GNU Crypto 1.1.0 uses a fixed set of bases. This paper shows how this flaw can be exploited to break the SRP implementation in GNU Crypto. The attack is demonstrated by explicitly constructing pseudoprimes that satisfy the parameter checks in SRP and that allow a dictionary attack. This dictionary attack would not be possible if the pseudo-primality test were correctly implemented.
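The flaw the abstract describes, as an added illustration (not code from the paper or from GNU Crypto): a Miller-Rabin routine that always uses the fixed bases 2, 3, 5 and 7 accepts the published strong pseudoprime 3215031751 = 151 · 751 · 28351, while the same routine with randomly chosen bases rejects it. The constant and the base set are assumptions chosen for the demonstration; the function names are hypothetical.

```python
import secrets

def strong_probable_prime(n: int, base: int) -> bool:
    """One Miller-Rabin round. True = 'probably prime' for this base,
    False = n is definitely composite (base is a witness)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    # Write n - 1 = 2^s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(base, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

def miller_rabin_fixed(n: int, bases=(2, 3, 5, 7)) -> bool:
    """The flawed pattern: the same small bases are used for every input,
    so a composite that is a strong pseudoprime to all of them is accepted."""
    return all(strong_probable_prime(n, b) for b in bases)

def miller_rabin_random(n: int, rounds: int = 40) -> bool:
    """Correct pattern: bases drawn uniformly from [2, n-2] for each call.
    A composite survives each round with probability at most 1/4."""
    if n < 4:
        return n in (2, 3)
    for _ in range(rounds):
        b = 2 + secrets.randbelow(n - 3)
        if not strong_probable_prime(n, b):
            return False
    return True

# Constructed test value: a published strong pseudoprime to bases 2, 3, 5, 7
# (smallest such composite), equal to 151 * 751 * 28351.
PSEUDOPRIME = 3215031751

if __name__ == "__main__":
    print(miller_rabin_fixed(PSEUDOPRIME))   # True: the fixed-base test is fooled
    print(miller_rabin_random(PSEUDOPRIME))  # False: random bases expose it
```

Checking a primality routine against known strong pseudoprimes for its base set is a cheap regression test for exactly this implementation error.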
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Bleichenbacher, D. (2005). Breaking a Cryptographic Protocol with Pseudoprimes. In: Vaudenay, S. (eds) Public Key Cryptography - PKC 2005. PKC 2005. Lecture Notes in Computer Science, vol 3386. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30580-4_2
DOI: https://doi.org/10.1007/978-3-540-30580-4_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24454-7
Online ISBN: 978-3-540-30580-4
eBook Packages: Computer Science (R0)