On 31-jul-2006, at 0:04, Francis Dupont wrote:
=> HBAs are weaker than CGAs
DO you know any attack that is easier in HBAs than in CGAs? could youdescribe it?
=> easy, you simply steal the whole set. There is nothing to find because the victim can give you everything. This can't happen with CGA because you should not know the private key.
The fact that there are no secrets is exactly the beauty of HBA. You can easily determine what the real user's prefixes are, and also the extra index or whatever it's called, and then you can compute the hash. But that doesn't buy you anything: in order to redirect traffic, you need to find an alternative prefix+index set that resolves to the same hash. This requires 2^58 tries on average without using sec.
CGA is exactly the same, except that here, you don't put in a prefix set of your own, but a public key for which you have the private key.
In both schemes, an attacker must perform o(2^59) attempts in order to find an alternative CGA parameter data strucutre (with an alternative PRefix set in the case of HBAs and with an alternative public key inthe case of CGA)
=> no, either the attacker has to find a key pair giving the same hash or to inverse the public key into the private one. Both problems are harder than for HBAs.
CGA and HBA use the same hash, you can break CGA by breaking the hash and substituting your own keys, rather than break the public key crypto.