To search, Click below search items.


All Published Papers Search Service


Cryptanalysis and Improvement of Smart-ID's Clone Detection Mechanism


Augustin P. Sarr


Vol. 20  No. 1  pp. 37-40


At ESORICS 2017, Buldas et al. proposed an efficient (software only) server supported signature scheme, geared to mobile devices, termed Smart?ID. A major component of their design is a clone detection mechanism, which allows a server to detect the existence of clones of a client’s private key share. We point out a flaw in this mechanism. We show that, under a realistic race condition, an attacker which holds a password camouflaged private share can launch an online dictionary attack such that (i) if all its password guesses are wrong, it is very likely that the attack will not be detected, and (ii) if one of its guesses is correct, it can generate signatures on messages of its choice, and the attack will not be detected. We propose an improvement of Smart?ID, we cal i-Smart-ID, to thwart the attack we present


Digital Signature, Four?prime RSA, Clone Detection Mechanism, Smart?ID, Undetectable online Dictionary Attack