Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS
- 234 Downloads
LaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand MQV does not have a security proof, and the HMQV security proof is extremely complicated. This paper proposes a new authenticated key agreement protocol, called CMQV (‘Combined’ MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a relatively simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.
KeywordsKey agreement protocols MQV Provable security
Unable to display preview. Download preview PDF.
- 1.Antipa A., Brown D., Menezes A., Struik R., Vanstone S. (2003) Validation of elliptic curve public keys. Public Key Cryptography – PKC 2003, LNCS 2567: 211–223Google Scholar
- 3.Bellare M., Pointcheval D., Rogaway P. (2001) Authenticated key exchange secure against dictionary attacks. Advances in Cryptol. – EUROCRYPT 2001, LNCS 1807: 139–155Google Scholar
- 4.Bellare M., Rogaway P. (1993) Entity authentication and key distribution. Advances in Cryptol. – CRYPTO ’93, LNCS 773: 110–125Google Scholar
- 5.Blake-Wilson S., Menezes A. (1999) Unknown key-share attacks on the station-to-station STS protocol. Public Key Cryptography – PKC ’99, LNCS 1560: 154–170Google Scholar
- 6.Canetti R., Krawczyk H.: Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology – EUROCRYPT 2001, LNCS, vol. 2045, pp. 453–474, Full version available at http://eprint.iacr.org/2001/040 (2001).
- 8.Krawczyk H.: HMQV: A high-performance secure Diffie-Hellman protocol. Advances in Cryptology – CRYPTO 2005, LNCS, vol. 3621, pp. 546–566, Full version available at http://eprint.iacr.org/2005/176 (2005).
- 9.Krawczyk H.: HMQV in IEEE P1363. submission to the IEEE P1363 working group, July 2006, http://grouper.ieee.org/groups/1363/P1363-Reaffirm/submissions/krawczyk-hmqv-spec.pdf.
- 11.LaMacchia B., Lauter K., Mityagin A.: Stronger security of authenticated key exchange. ProvSec 2007, LNCS, vol. 4784, pp. 1–16, Preliminary version available at http://eprint.iacr.org/2006/073 (2007).
- 17.Menezes A., van Oorschot P., Vanstone S.: Handbook of Applied Cryptography. CRC Press, Boca Raton, Florida, USA (1997).Google Scholar