{"created":"2025-01-19T01:39:43.004638+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00237213","sets":["1164:3925:11477:11663"]},"path":["11663"],"owner":"44499","recid":"237213","title":["RyanとHeningerのMEGAに対する攻撃の改良"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-07-15"},"_buckets":{"deposit":"0e9c577c-2902-4342-a9d3-cbb8a030938a"},"_deposit":{"id":"237213","pid":{"type":"depid","value":"237213","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"RyanとHeningerのMEGAに対する攻撃の改良","author_link":["648974","648975","648973","648972"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"RyanとHeningerのMEGAに対する攻撃の改良"},{"subitem_title":"Improving Ryan and Heninger’s Attack on MEGA","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ISEC","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-07-15","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"筑波大学"},{"subitem_text_value":"筑波大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"},{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/237213/files/IPSJ-CSEC24106007.pdf","label":"IPSJ-CSEC24106007.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC24106007.pdf","filesize":[{"value":"987.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"949d2b01-2a43-455c-98fb-e1077ea3df12","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"下江, 直輝"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"國廣, 昇"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Naoki, Shimoe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Noboru, Kunihiro","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"MEGA は end-to-end encryption をサポートするクラウドストレージプラットフォームであり，敵対的なサーバに対してもデータの機密性・完全性を保証できる設計を目指している．しかし，Backendal ら（IEEE S&P 2023），Ryan と Heninger（PKC2023）は，サーバはセッション ID 交換を悪用して，それぞれ 512，6 回のログインでユーザの RSA 秘密鍵を復元できることを示した．さらに，Albrecht ら（Eurocrypt2023）はセッション ID 交換とは異なる機能から ECB 暗号化オラクルを構築し，必要なログイン回数を 2 回に削減できることを示した．本稿では，セッション ID 交換単体の安全性をより詳細に評価するために，ECB 暗号化オラクルを使わないときの RSA 秘密鍵の復元に必要な最小ログイン回数を調べる．Ryan と Heninger の攻撃手法を基にして，ECB 暗号化オラクルを利用せずに 4 回のログインで RSA 秘密鍵を復元できる攻撃手法を提案する．さらに，提案手法の有効性を計算機実験により検証する．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Backendal et al. (IEEE S&P 2023), Ryan and Heninger (PKC2023), and Albrecht et al. (Eurocrypt2023) showed that RSA private keys on MEGA, the end-to-end encryption cloud storage platform, can be recovered with 512, 6, and 2 login attempts, respectively, by exploiting the session ID exchange. In this study, we construct a new RSA private key recovery attack based on Ryan and Heninger’s, and verify it in our experiment. Our proposed attack reduce the number of login attempts to 4 without the ECB encryption oracle exploited in Albrecht et al.’s attack.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-07-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"7","bibliographicVolumeNumber":"2024-CSEC-106"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":237213,"updated":"2025-01-19T08:57:23.576634+00:00","links":{}}