Cryptanalysis of e-mail protocols providing perfect forward secrecy

Recently, two e-mail protocols were proposed claiming to provide perfect secrecy. These protocols use authentication and (Diffie-Hellman) key-exchange techniques, and as such, other standard security criteria besides perfect forward secrecy include key-replay resilience, known-key security, key freshness and unknown key-share resilience are expected too. In this paper, we show that the two protocols cannot resist replay attacks, and further that the first falls to unknown key-share attacks while the second fails to provide perfect forward secrecy, contrary to the designers' claims. Although the two protocols were intended by the designers to be more secure variants compared to the common e-mail protocol, our results show that being newer does not necessarily mean being more secure. (C) 2007 Elsevier B.V. All rights reserved.

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Cryptanalysis of e-mail protocols providing perfect forward secrecy

Graph Chatbot

Chat with Graph Search

On the Theory and Practice of Modern Secure Messaging

Secure and Efficient Cryptographic Algorithms in a Quantum World

New SIDH Countermeasures for a More Efficient Key Exchange

New SIDH Countermeasures for a More Efficient Key Exchange

Secure and Efficient Cryptographic Algorithms in a Quantum World

On the Theory and Practice of Modern Secure Messaging