IEICE TRANSACTIONS on Fundamentals
Strongly Secure Authenticated Key Exchange without NAXOS' Approach under Computational Diffie-Hellman Assumption
Summary :
LaMacchia, Lauter and Mityagin [19] proposed a novel security definition for authenticate key exchange (AKE) that gives an adversary the power to obtain ephemeral information regarding a target test session. To demonstrate feasibility of secure protocols in the new definition, henceforth called eCK, the authors described a protocol called NAXOS. NAXOS combines an ephemeral private key x with a static private key a to generate an ephemeral public key X (more precisely in what we call the NAXOS' approach X = gH(x,a)). Thus no one is able to query the discrete logarithm of X without knowing both the ephemeral and static private keys. This idea is crucial in the security argument to guard against leaked ephemeral secrets belonging to the test session. Another important assumption is the gap assumption that allows the protocol to remain secure even in the presence of malicious insiders. Both ideas have been successfully used in creating various protocols secure in the eCK model. In this paper, we construct two eCK-secure protocols without the above mentioned ideas. KFU1 is secure under the GDH assumption without using the NAXOS' approach. KFU2 builds upon KFU1 and drops the gap requirement, thus it is secure under the CDH assumption. Efficiency and security of the proposed protocols are comparable to the well-known HMQV [15] protocol. Furthermore, unlike HMQV and NAXOS the use of the random oracle in KFU1 and KFU2 is restricted to the key derivation function making them more suitable for practical applications.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E95-A No.1 pp.29-39
- Publication Date
- 2012/01/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E95.A.29
- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)
- Category
- Public Key Cryptography
Authors
LUKeyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Minkyu KIM, Atsushi FUJIOKA, Berkant USTAOLU, "Strongly Secure Authenticated Key Exchange without NAXOS' Approach under Computational Diffie-Hellman Assumption" in IEICE TRANSACTIONS on Fundamentals,
vol. E95-A, no. 1, pp. 29-39, January 2012, doi: 10.1587/transfun.E95.A.29.
Abstract: LaMacchia, Lauter and Mityagin [19] proposed a novel security definition for authenticate key exchange (AKE) that gives an adversary the power to obtain ephemeral information regarding a target test session. To demonstrate feasibility of secure protocols in the new definition, henceforth called eCK, the authors described a protocol called NAXOS. NAXOS combines an ephemeral private key x with a static private key a to generate an ephemeral public key X (more precisely in what we call the NAXOS' approach X = gH(x,a)). Thus no one is able to query the discrete logarithm of X without knowing both the ephemeral and static private keys. This idea is crucial in the security argument to guard against leaked ephemeral secrets belonging to the test session. Another important assumption is the gap assumption that allows the protocol to remain secure even in the presence of malicious insiders. Both ideas have been successfully used in creating various protocols secure in the eCK model. In this paper, we construct two eCK-secure protocols without the above mentioned ideas. KFU1 is secure under the GDH assumption without using the NAXOS' approach. KFU2 builds upon KFU1 and drops the gap requirement, thus it is secure under the CDH assumption. Efficiency and security of the proposed protocols are comparable to the well-known HMQV [15] protocol. Furthermore, unlike HMQV and NAXOS the use of the random oracle in KFU1 and KFU2 is restricted to the key derivation function making them more suitable for practical applications.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E95.A.29/_p
Copy
@ARTICLE{e95-a_1_29,
author={Minkyu KIM, Atsushi FUJIOKA, Berkant USTAOLU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Strongly Secure Authenticated Key Exchange without NAXOS' Approach under Computational Diffie-Hellman Assumption},
year={2012},
volume={E95-A},
number={1},
pages={29-39},
abstract={LaMacchia, Lauter and Mityagin [19] proposed a novel security definition for authenticate key exchange (AKE) that gives an adversary the power to obtain ephemeral information regarding a target test session. To demonstrate feasibility of secure protocols in the new definition, henceforth called eCK, the authors described a protocol called NAXOS. NAXOS combines an ephemeral private key x with a static private key a to generate an ephemeral public key X (more precisely in what we call the NAXOS' approach X = gH(x,a)). Thus no one is able to query the discrete logarithm of X without knowing both the ephemeral and static private keys. This idea is crucial in the security argument to guard against leaked ephemeral secrets belonging to the test session. Another important assumption is the gap assumption that allows the protocol to remain secure even in the presence of malicious insiders. Both ideas have been successfully used in creating various protocols secure in the eCK model. In this paper, we construct two eCK-secure protocols without the above mentioned ideas. KFU1 is secure under the GDH assumption without using the NAXOS' approach. KFU2 builds upon KFU1 and drops the gap requirement, thus it is secure under the CDH assumption. Efficiency and security of the proposed protocols are comparable to the well-known HMQV [15] protocol. Furthermore, unlike HMQV and NAXOS the use of the random oracle in KFU1 and KFU2 is restricted to the key derivation function making them more suitable for practical applications.},
keywords={},
doi={10.1587/transfun.E95.A.29},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - Strongly Secure Authenticated Key Exchange without NAXOS' Approach under Computational Diffie-Hellman Assumption
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 29
EP - 39
AU - Minkyu KIM
AU - Atsushi FUJIOKA
AU - Berkant USTAOLU
PY - 2012
DO - 10.1587/transfun.E95.A.29
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E95-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2012
AB - LaMacchia, Lauter and Mityagin [19] proposed a novel security definition for authenticate key exchange (AKE) that gives an adversary the power to obtain ephemeral information regarding a target test session. To demonstrate feasibility of secure protocols in the new definition, henceforth called eCK, the authors described a protocol called NAXOS. NAXOS combines an ephemeral private key x with a static private key a to generate an ephemeral public key X (more precisely in what we call the NAXOS' approach X = gH(x,a)). Thus no one is able to query the discrete logarithm of X without knowing both the ephemeral and static private keys. This idea is crucial in the security argument to guard against leaked ephemeral secrets belonging to the test session. Another important assumption is the gap assumption that allows the protocol to remain secure even in the presence of malicious insiders. Both ideas have been successfully used in creating various protocols secure in the eCK model. In this paper, we construct two eCK-secure protocols without the above mentioned ideas. KFU1 is secure under the GDH assumption without using the NAXOS' approach. KFU2 builds upon KFU1 and drops the gap requirement, thus it is secure under the CDH assumption. Efficiency and security of the proposed protocols are comparable to the well-known HMQV [15] protocol. Furthermore, unlike HMQV and NAXOS the use of the random oracle in KFU1 and KFU2 is restricted to the key derivation function making them more suitable for practical applications.
ER -
English
