Paper 2014/767

Algebraic Attacks on Human Identification Protocols

Hassan Jameel Asghar, Ron Steinfeld, Shujun Li, Mohamed Ali Kaafar, and Josef Pieprzyk

Abstract

Human identification protocols are challenge-response protocols that rely on human computational ability to reply to random challenges from the server based on a public function of a shared secret and the challenge to authenticate the human user. One security criterion for a human identification protocol is the number of challenge-response pairs the adversary needs to observe before it can deduce the secret. In order to increase this number, protocol designers have tried to construct protocols that cannot be represented as a system of linear equations or congruences. In this paper, we take a closer look at different ways from algebra, lattices and coding theory to obtain the secret from a system of linear congruences. We then show two examples of human identification protocols from literature that can be transformed into a system of linear congruences. The resulting attack limits the number of authentication sessions these protocols can be used before secret renewal. Prior to this work, these protocols had no known upper bound on the number of allowable sessions per secret.

Note: There were some errors in Section 6, which are now corrected in Appendix D of the revised paper.

Metadata
Available format(s)
PDF
Publication info
Preprint. Minor revision.
Keywords
Human identification protocolslinear system of congruenceslearning with errors
Contact author(s)
hassan jameel @ gmail com
History
2016-07-12: last of 6 revisions
2014-09-30: received
See all versions
Short URL
https://ia.cr/2014/767
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/767,
      author = {Hassan Jameel Asghar and Ron Steinfeld and Shujun Li and Mohamed Ali Kaafar and Josef Pieprzyk},
      title = {Algebraic Attacks on Human Identification Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2014/767},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/767}},
      url = {https://eprint.iacr.org/2014/767}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.