Abstract
Client puzzles have been proposed as a useful mechanism for mitigating Denial of Service attacks on network protocols. While several puzzles have been proposed in recent years, most existing non-parallelizable puzzles are based on modular exponentiations. The main drawback of these puzzles is in the high cost that they incur on the puzzle generator (the verifier). In this paper, we propose cryptographic puzzles based on modular exponentiation that reduce this overhead. Our constructions are based on a reasonable intractability assumption in RSA: essentially the difficulty of computing a small private exponent when the public key is larger by several orders of magnitude than the semi-prime modulus. We also discuss puzzle constructions based on CRT-RSA [11]. Given a semi-prime modulus N, the costs incurred on the verifier in our puzzle are decreased by a factor of \(\frac{|N|}{k}\) when compared to existing modular exponentiation puzzles, where k is a security parameter. We further show how our puzzle can be integrated in a number of protocols, including those used for the remote verification of computing performance of devices and for the protection against Denial of Service attacks. We validate the performance of our puzzle on PlanetLab nodes.
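The cost asymmetry the abstract describes, as an added toy example that is not the paper's construction: the verifier keeps a k-bit private exponent d and publishes a public exponent e several times the bit length of N, so the verifier exponentiates with k bits while the prover exponentiates with about 4·|N| bits. The puzzle flow, the Mersenne-prime modulus and the names `keygen`, `make_puzzle`, `solve_puzzle`, `verify` and `work_ratio` are my assumptions for illustration only.

```python
import math
import secrets

# Constructed toy modulus from two Mersenne primes (far too small for real use).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)

def keygen(k, stretch=4):
    """Return (d, e): a k-bit private exponent d coprime to phi(N), and a
    public exponent e = d^-1 mod phi(N) plus a multiple of phi(N) that lifts
    it to about stretch*|N| bits.  Adding multiples of phi(N) keeps e a valid
    inverse of d while pushing it far above N (the regime where Wiener-type
    small-d attacks stop applying, roughly e > N^1.5)."""
    while True:
        d = secrets.randbits(k) | (1 << (k - 1)) | 1   # exactly k bits, odd
        if math.gcd(d, PHI) == 1:
            break
    e = pow(d, -1, PHI)
    e += ((1 << (stretch * N.bit_length())) // PHI) * PHI
    return d, e

def make_puzzle(d):
    """Verifier: pick a random target r and publish c = r^d mod N.
    Cost: one exponentiation with a k-bit exponent; r is kept as state."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(r, d, N)        # verifier stores r, sends (N, e, c)

def solve_puzzle(c, e):
    """Prover: recover r = c^e mod N.  With d*e = 1 mod phi(N) this is r,
    but getting there costs about |e| sequential modular squarings; the only
    shortcut (finding the small d from N and e) is the hardness assumption."""
    return pow(c, e, N)

def verify(r, answer):
    """Verifier: a single comparison against the stored target."""
    return answer == r

def work_ratio(d, e):
    """Prover-to-verifier cost ratio, counted in exponent bits (one modular
    squaring per bit), i.e. about stretch*|N| / k for the parameters above."""
    return e.bit_length() / d.bit_length()

if __name__ == "__main__":
    d, e = keygen(k=32)
    r, c = make_puzzle(d)
    print("solved:", verify(r, solve_puzzle(c, e)), "ratio:", work_ratio(d, e))
```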
References
PlanetLab, An open platform for developing, deploying, and accessing planetary-scale services, http://www.planet-lab.org/
Linpack, http://www.netlib.org/linpack/
Distributed.Net, http://distributed.net/
TOP500 Supercomputing Sites, http://www.top500.org/
Conroe Performance Claim being Busted, http://sharikou.blogspot.com/2006/04/conroe-performance-claim-being-busted.html
Computer Software Manufacturer agrees to settle Charges, http://www.ftc.gov/opa/1996/07/softram.shtm
Atallah, M.J., Pantazopoulos, K.N., Rice, J.R., Spafford, E.H.: Secure Outsourcing of Scientific Computations. In: Advances in Computers (2001)
Blomer, J., May, A.: Low Secret Exponent RSA Revisited. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, p. 4. Springer, Heidelberg (2001)
Boneh, D.: Twenty Years of Attacks on the RSA Cryptosystem. Notices of the American Mathematical Society, AMS (1999)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N^0.292. IEEE Transactions on Information Theory, 1339–1349 (2000)
Boneh, D., Shacham, H.: Fast Variants of RSA. In: CryptoBytes (2002)
Burns, J., Mitchell, C.J.: On parameter selection for server-aided RSA computation schemes. IEEE Transactions on Computers (1994)
Cai, J., Nerurkar, A., Wu, M.: The Design of Uncheatable Benchmarks Using Complexity Theory, ftp://ftp.cs.buffalo.edu/pub/tech-reports/./97-10.ps.Z
Chen, L., Morrissey, P., Smart, N., Warinschi, B.: Security Notions and Generic Constructions for Client Puzzles. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 505–523. Springer, Heidelberg (2009)
Coppersmith, D.: Finding a Small Root of a Univariate Modular Equation. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155–165. Springer, Heidelberg (1996)
Coppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology, 223–260 (1997)
Coppersmith, D., Franklin, M., Patarin, J., Reiter, M.: Low-exponent RSA with related messages. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 1–9. Springer, Heidelberg (1996)
Cui-xiang, Z., Guo-qiang, H., Ming-he, H.: Some New Parallel Fast Fourier Transform Algorithms. In: Proceedings of Parallel and Distributed Computing, Applications and Technologies (2005)
Curnow, H.J., Wichman, B.A.: A Synthetic Benchmark. Computer Journal (1976)
de Weger, B.: Cryptanalysis of RSA with small prime difference. In: Applicable Algebra in Engineering, Communication and Computing (2002)
Dean, D., Stubblefield, A.: Using client puzzles to protect TLS. In: Proceedings of the USENIX Security Symposium (2001)
Doshi, S., Monrose, F., Rubin, A.: Efficient Memory Bound Puzzles using Pattern Databases. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 98–113. Springer, Heidelberg (2006)
Durfee, G., Nguyen, P.: Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt 1999. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 14. Springer, Heidelberg (2000)
Gao, Y.: Efficient Trapdoor-Based Client Puzzle System against DoS Attacks (2005)
Hastad, J.: Solving Simultaneous Modular Equations of Low Degree. SIAM J. Computing (1988)
Hinek, M.J.: Cryptanalysis of RSA and its variants. In: Cryptography and Network Security, Chapman & Hall/CRC (2009)
Hinek, M.J., Lam, C.C.Y.: Common Modulus Attacks on Small Private Exponent RSA and Some Fast Variants (in Practice). In: Cryptology ePrint Archive (2009)
Hinek, M.J.: Another Look at Small RSA Exponents. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 82–98. Springer, Heidelberg (2006)
Hohenberger, S., Lysyanskaya, A.: How to Securely Outsource Cryptographic Computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)
Howgrave-Graham, N., Seifert, J.P.: Extending Wiener’s Attack in the Presence of Many Decrypting Exponents. In: Proceedings of the International Exhibition and Congress on Secure Networking (1999)
Jochemsz, E., May, A.: A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N^0.073. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007)
Juels, A., Brainard, J.: Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks. In: Proceedings of NDSS (1999)
Katzenbeisser, S.: Recent Advances in RSA Cryptography. In: Advances in Information Security, vol. 3 (2001)
Keqin, L.: Scalable Parallel Matrix Multiplication on Distributed Memory-Parallel Computers. In: Proceedings of IPDPS (2000)
Koblitz, N.: A Course in Number Theory (1987)
Kaya Koc, C., Acar, T., Kaliski, B.S.: Analyzing and Comparing Montgomery Multiplication Algorithms (1996)
Martin, A., Burrows, M., Manasse, M., Wobber, T.: Moderately Hard, Memory-Bound Functions. ACM Transactions on Internet Technologies (2005)
May, A.: Secret Exponent Attacks on RSA-type Schemes with Moduli N = prq. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004)
McGinn, S.F., Shaw, R.E.: Parallel Gaussian elimination using OpenMP and MPI. In: Proceedings of the International Symposium on High Performance Computing Systems and Applications (2002)
Miller, G.L.: Riemann’s Hypothesis and Tests for Primality. In: Proc. Seventh Annual ACM Symp. on the Theory of Computing (1975)
Reiter, M.K., Sekar, V., Spensky, C., Zhang, Z.: Making peer-assisted content distribution robust to collusion using bandwidth puzzles. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 132–147. Springer, Heidelberg (2009)
Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 120–126 (1978)
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock Puzzles and Timed-release Crypto. MIT Technical Report (1996)
Sedgewick, R., Chi-Chih Yao, A.: Towards Uncheatable Benchmarks. In: Proceedings of The Structure in Complexity Theory Conference (1993)
Tritilanunt, S., Boyd, C., Gonzalez Nieto, J.M., Foo, E.: Toward Non-Parallelizable Client Puzzles. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 247–264. Springer, Heidelberg (2007)
van Dijk, M., Clarke, D., Gassend, B., Suh, G.E., Devadas, S.: Speeding up Exponentiation using an Untrusted Computational Resource. In: Designs, Codes and Cryptography, vol. 39, pp. 253–273 (2006)
Wang, X., Reiter, M.: Defending Against Denial-of-Service Attacks with Puzzle Auctions. In: Proceedings of the IEEE Symposium on Security and Privacy (2003)
Wang, X., Reiter, M.K.: A Multi-layer Framework for Puzzle-based Denial-of-Service Defense. International Journal of Information Security (2007)
Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New client puzzle outsourcing techniques for DoS resistance. In: Proceedings of the ACM Conference on Computer and Communications Security (2004)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory, 553–558 (1990)
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Karame, G.O., Čapkun, S. (2010). Low-Cost Client Puzzles Based on Modular Exponentiation. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_41
DOI: https://doi.org/10.1007/978-3-642-15497-3_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3