Common use of Key Offset Attack Clause in Contracts

Key Offset Attack. In this attack an adversary modifies the message being sent by multiplying the Ephemeral Public Key with its own exponent λ. This offsets the agreed session key by the same exponent unknown to either of the parties. This happens in protocols where key confirmation is absent. In the protocol proposed by ▇▇▇▇▇▇ and ▇▇▇▇▇▇, the absence of origin authentication causes a vulnerability. The same is remedied in our protocol by adding an extra term in the message being sent. The extra term is effectively a ▇▇▇▇▇▇▇ signature of the original terms being sent. The signature is verified in the correctness check of Steps 5, 8 in Algorithm 1. For an active adversary to successfully mount the attack in this model, it should have the ability to generate a new signature, to go with the message being sent. This cannot be achieved as the signature generation involves the long term secret key of the user, which the adversary is unaware of.

Appears in 1 contract

Sources: Identity Based Key Agreement Protocol

Key Offset Attack. In this attack an adversary modifies the message being sent by multiplying the Ephemeral Public Key with its own exponent λ. This offsets the agreed session key by the same exponent unknown to either of the parties. This happens in protocols where key confirmation is absent. In the protocol proposed by ▇▇▇▇▇▇ Farash and ▇▇▇▇▇▇ Attari, the absence of origin authentication causes a vulnerability. The same is remedied in our protocol by adding an extra term in the message being sent. The extra term is effectively a ▇▇▇▇▇▇▇ signature of the original terms being sent. The signature is verified in the correctness check of Step 4 in Algorithm 1. For an active adversary to successfully mount the attack in this model, it should have the ability to generate a new signature on the message being sent. This cannot be achieved as the signature generation involves the long term secret key of the user, which the adversary is unaware of.

Appears in 1 contract

Sources: Identity Based Authenticated Key Agreement Protocol