[HGI-News-de] HGI Seminar Do. 05.02.: "A practical key recovery attack on basic TCHo­" von M. Herrmann

[Newsletter des Horst Görtz Instituts]

Hallo,

im Rahmen des HGI-Seminars "Aktuelle Themen der IT-Sicherheit" wird
am kommenden Donnerstag der folgende Vortrag angeboten:

Mathias Herrmann:
*A practical key recovery attack on basic TCHo­*


Termin:
Donnerstag, der 05. Februar um  11.00 Uhr (*s.t.*)
Raum: IC 4/161

Interessierte sind herzlich eingeladen!


==============================================================
Abstract:

TCHo is a public key encryption scheme based on a stream cipher
component, which is particular suitable for low cost devices like RFIDs.
In its basic version, TCHo offers no IND-CCA2 security, but the authors
suggest to use a generic hybrid construction to achieve this security
level. The implementation of this method however, significantly
increases the hardware complexity of TCHo and thus annihilates the
advantage of being suitable for low cost devices. In this paper we show,
that TCHo cannot be used without this construction. We present a chosen
ciphertext attack on basic TCHo that recovers the secret key after
approximately d^(3/2) decryptions, where d is the number of bits of the
secret key polynomial. The entropy of the secret key is
log_2(binomial(d,w)), where w is the weight of the secret key
polynomial, and w is usually small compared to d. In particular, we can
break all of the parameters proposed for TCHo within hours on a standard
PC.­
==============================================================

Informationen über die nächsten geplannten Vorträge im Rahmen des
HGI-Seminars sind auch im Web zu finden:
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles

Gruß,
Mathias Herrmann