Paper 2015/1231

When are Identification Protocols with Sparse Challenges Safe? The Case of the Coskun and Herley Attack

Hassan Jameel Asghar and Mohamed Ali Kaafar


Cryptographic identification protocols enable a prover to prove its identity to a verifier. A subclass of such protocols are shared-secret challenge-response identification protocols in which the prover and the verifier share the same secret and the prover has to respond to a series of challenges from the verifier. When the prover is a human, as opposed to a machine, such protocols are called human identification protocols. To make human identification protocols usable, protocol designers have proposed different techniques in the literature. One such technique is to make the challenges sparse, in the sense that only a subset of the shared secret is used to compute the response to each challenge. Coskun and Herley demonstrated a generic attack on shared-secret challenge-response type identification protocols which use sparse challenges. They showed that if the subset of the secret used is too small, an eavesdropper can learn the secret after observing a small number of challenge-response pairs. Unfortunately, from their results, it is not possible to find the safe number of challenge-response pairs a sparse-challenge protocol can be used for, without actually implementing the attack on the protocol and weeding out unsafe parameter sizes. Such a task can be time-consuming and computationally infeasible if the subset of the secret used is not small enough. In this work, we show an analytical estimate of the number of challenge-response pairs required by an eavesdropper to find the secret through the Coskun and Herley attack. Against this number, we also give an analytical estimate of the time complexity of the attack. Our results will help protocol designers to choose safe parameter sizes for identification protocols that employ sparse challenges.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Identification protocolshuman identification protocolscryptographyinformation securityinformation theory
Contact author(s)
hassan jameel @ gmail com
2015-12-28: received
Short URL
Creative Commons Attribution


      author = {Hassan Jameel Asghar and Mohamed Ali Kaafar},
      title = {When are Identification Protocols with Sparse Challenges Safe? The Case of the Coskun and Herley Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1231},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.