CRYPTO NEWS

Nomad reportedly ignored security vulnerability that led to $190M exploit

The altcoins that were stolen in the Nomad bridge hack suffered as much as a 94% decline in price after the exploit.

Unexpected Behavior Working in Prime Order Subgroup with Java BigInteger Class

I’m implementing a searchable symmetric encryption scheme, developed by others, for my own personal enrichment. The original research is located at the link: https://eprint.iacr.org/2013/169. I’m using the BigInteger class in Java to perform the group operations. The scheme splits the exponentiation between the client and the server so as to prevent information leakage to the server. I generate a value xtag, as illustrated below:

BigInteger exp = z.multiply(ithTermDigest).multiply(y).mod(p); // This works as expected
BigInteger xtag = g.modPow(exp, p); // This works as expected

z is a pseudorandom element of prime order subgroup Zp.
ithTermDigest is a pseudorandom element of prime order subgroup Zp.
y is the modular inverse of z multiplied by a pseudorandom element of prime order subgroup Zp, and is used as a "blinding factor" for the server.
g is a generator of the group.

The above code works as expected. The value z and its inverse in y cancel out to leave ithTermDigest * (the pseudorandom element of the group), and the correct value of xtag results.

What is vexing me is that the below code does not generate the same value for xtag:

//The client will compute this part and send xtoken to the server
BigInteger exp = z.multiply(ithTermDigest).mod(p);
BigInteger xtoken = g.modPow(exp, p);

//The server will compute this part using blinding factor y.
BigInteger xtag = xtoken.modPow(y, p);

The value for xtag does not mirror the previous result. I would expect g^(ab) to provide the same result as (g^a)^b. Are my expectations ill-founded? Is there anything obviously wrong? I don’t pretend to be a mathematician or a cryptographer. Please point me to an appropriate forum if this isn’t.
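
The following is an added example, not part of the original question or of the cited paper's code. It runs the one-step and the split computation twice, once with exponents reduced modulo p and once modulo q, the order of g. The identity (g^a)^b = g^(ab) holds in the group, but arithmetic on exponents is only valid modulo q. The toy safe prime p = 2039 = 2q + 1, the generator g = 4, the sample values and all method names are constructed for illustration.

```java
import java.math.BigInteger;

public class SplitExponentDemo {
    // Constructed toy parameters: safe prime p = 2q + 1; g = 4 generates the subgroup of order q.
    static final BigInteger P = BigInteger.valueOf(2039);
    static final BigInteger Q = BigInteger.valueOf(1019);
    static final BigInteger G = BigInteger.valueOf(4);

    /** One-step computation: g^(z * d * y mod m) mod p. */
    static BigInteger oneStep(BigInteger z, BigInteger d, BigInteger y, BigInteger m) {
        return G.modPow(z.multiply(d).multiply(y).mod(m), P);
    }

    /** Split computation: client sends g^(z * d mod m) mod p; server raises it to y. */
    static BigInteger split(BigInteger z, BigInteger d, BigInteger y, BigInteger m) {
        BigInteger xtoken = G.modPow(z.multiply(d).mod(m), P);
        return xtoken.modPow(y, P);
    }

    /** Blinding factor y = z^-1 * r, with the inverse and the product taken mod m. */
    static BigInteger blind(BigInteger z, BigInteger r, BigInteger m) {
        return z.modInverse(m).multiply(r).mod(m);
    }

    /** True when both ways of computing xtag give the same group element. */
    static boolean agree(BigInteger z, BigInteger d, BigInteger r, BigInteger m) {
        BigInteger y = blind(z, r, m);
        return oneStep(z, d, y, m).equals(split(z, d, y, m));
    }

    public static void main(String[] args) {
        // Sanity-check the toy group before using it.
        if (!P.isProbablePrime(40) || !Q.isProbablePrime(40)
                || !P.equals(Q.shiftLeft(1).add(BigInteger.ONE))
                || G.equals(BigInteger.ONE) || !G.modPow(Q, P).equals(BigInteger.ONE)) {
            throw new IllegalStateException("bad group parameters");
        }
        BigInteger z = BigInteger.valueOf(5); // constructed sample values
        BigInteger d = BigInteger.valueOf(7); // stands in for ithTermDigest
        BigInteger r = BigInteger.valueOf(3); // the other pseudorandom element
        System.out.println("exponents mod p agree: " + agree(z, d, r, P));
        System.out.println("exponents mod q agree: " + agree(z, d, r, Q));
    }
}
```

Only the final modPow reduction uses p; the inverse of z, the blinding factor y and every product of exponents are reduced with mod(q).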
