The (in)security of some recently proposed lightweight key distribution schemes
Chris J Mitchell

TL;DR
This paper critically examines recent lightweight key distribution schemes, revealing inherent insecurities, incomplete specifications, and misleading claims about their security and efficiency.
Contribution
It provides a security analysis showing most schemes are insecure and highlights issues with their incomplete design and false claims of lightweight security.
Findings
Most schemes are inherently insecure
Schemes are incompletely specified
Claims of lightweight security are misleading
Abstract
Two recently published papers propose some very simple key distribution schemes designed to enable two or more parties to establish a shared secret key with the aid of a third party. Unfortunately, as we show, most of the schemes are inherently insecure and all are incompletely specified - moreover, claims that the schemes are inherently lightweight are shown to be highly misleading. We also briefly critique a somewhat related very recent paper by the same authors that uses similar techniques to achieve what are claimed to be secure multiparty computations.
Taxonomy
Topics: Chaos-based Image/Signal Encryption · Cryptographic Implementations and Security · Advanced Authentication Protocols Security
