Abstract
The unified model (UM) is a family of key agreement protocols that has been standardized by ANSI and NIST. The NIST standard explicitly permits the reuse of a static key pair among the one-pass and three-pass UM protocols. However, a recent study demonstrated that such reuse can lead to security vulnerabilities. In this paper we revisit the security of the one- and three-pass UM protocols when static key pairs are reused. We propose a shared security model that incorporates the individual security attributes of the two protocols. We then show, provided appropriate measures are taken, that the protocols are secure even when static key pairs are reused.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chatterjee, S., Menezes, A., Ustaoglu, B. (2010). Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_5
DOI: https://doi.org/10.1007/978-3-642-17401-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17400-1
Online ISBN: 978-3-642-17401-8
eBook Packages: Computer Science, Computer Science (R0)