On the Security of Girault Key Agreement Protocols against Active Attacks
Summary :
In 1991 Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of the original and variants of Girault key agreement protocol under several kinds of active attacker models. In particular we show that protocols are either insecure or proven as secure as the Diffie-Hellman problem over Zn with respect to the reduction among functions of computing them. Analyzed protocols include a new variant of 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E86-A No.5 pp.1181-1189
- Publication Date
- 2003/05/01
- Publicized
- Online ISSN
- DOI
- Type of Manuscript
- Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
- Category
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Soo-Hyun OH, Masahiro MAMBO, Hiroki SHIZUYA, Dong-Ho WON, "On the Security of Girault Key Agreement Protocols against Active Attacks" in IEICE TRANSACTIONS on Fundamentals,
vol. E86-A, no. 5, pp. 1181-1189, May 2003, doi: .
Abstract: In 1991 Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of the original and variants of Girault key agreement protocol under several kinds of active attacker models. In particular we show that protocols are either insecure or proven as secure as the Diffie-Hellman problem over Zn with respect to the reduction among functions of computing them. Analyzed protocols include a new variant of 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/e86-a_5_1181/_p
Copy
@ARTICLE{e86-a_5_1181,
author={Soo-Hyun OH, Masahiro MAMBO, Hiroki SHIZUYA, Dong-Ho WON, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On the Security of Girault Key Agreement Protocols against Active Attacks},
year={2003},
volume={E86-A},
number={5},
pages={1181-1189},
abstract={In 1991 Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of the original and variants of Girault key agreement protocol under several kinds of active attacker models. In particular we show that protocols are either insecure or proven as secure as the Diffie-Hellman problem over Zn with respect to the reduction among functions of computing them. Analyzed protocols include a new variant of 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.},
keywords={},
doi={},
ISSN={},
month={May},}
Copy
TY - JOUR
TI - On the Security of Girault Key Agreement Protocols against Active Attacks
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1181
EP - 1189
AU - Soo-Hyun OH
AU - Masahiro MAMBO
AU - Hiroki SHIZUYA
AU - Dong-Ho WON
PY - 2003
DO -
JO - IEICE TRANSACTIONS on Fundamentals
SN -
VL - E86-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2003
AB - In 1991 Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of the original and variants of Girault key agreement protocol under several kinds of active attacker models. In particular we show that protocols are either insecure or proven as secure as the Diffie-Hellman problem over Zn with respect to the reduction among functions of computing them. Analyzed protocols include a new variant of 1-pass protocol. As opposed to the original 1-pass protocol, the new variant provides mutual implicit key authentication without increasing the number of passes.
ER -
English
