
An Efficient Protocol for Authenticated Key Agreement

Published in: Designs, Codes and Cryptography

Abstract

This paper proposes an efficient two-pass protocol for authenticated key agreement in the asymmetric (public-key) setting. The protocol is based on Diffie-Hellman key agreement and can be modified to work in an arbitrary finite group and, in particular, in elliptic curve groups. Two modifications of this protocol are also presented: a one-pass authenticated key agreement protocol suitable for environments where only one entity is on-line, and a three-pass protocol in which key confirmation is additionally provided. Variants of these protocols have been standardized in IEEE P1363 [17], ANSI X9.42 [2], ANSI X9.63 [4] and ISO/IEC 15946-3 [18], and are currently under consideration for standardization by the U.S. government's National Institute of Standards and Technology [30].
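The abstract names three variants (two-pass, one-pass with one party off-line, three-pass with key confirmation) but the page does not show the arithmetic. The following is an added example, not code from the paper or from any of the standards it cites: a small Python implementation of the MQV construction (the protocol this paper introduces; reference [22] below refers to it by that name) over a prime-order subgroup of Z_p^*, with all three variants driven by one function. The parameters p = 2039, q = 1019, g = 4 are constructed for illustration and are not secure; the key derivation (SHA-256 over the shared secret and both identities), the HMAC-SHA256 confirmation tags and the identity strings "Alice"/"Bob" are this example's own choices, since the paper's exact KDF and MAC are not reproduced on this page. The public-key validation step is included because a peer who can inject small-order elements can otherwise recover exponent bits (the attacks of references [1] and [23]).

```python
"""Added example (not the paper's code): MQV-style authenticated key agreement
over a prime-order subgroup of Z_p^*. Toy parameters, constructed, NOT secure."""
import hashlib
import hmac
import secrets

# p = 2039 = 2 * 1019 + 1 (both prime); g = 4 generates the order-q subgroup.
P, Q, H, G = 2039, 1019, 2, 4           # modulus, subgroup order, cofactor (p-1)/q, generator
L = (Q.bit_length() + 1) // 2           # l = ceil((floor(log2 q) + 1) / 2): half the bit length of q


def enc(n: int) -> bytes:
    """Fixed-width big-endian encoding of a group element for hashing."""
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def bar(x: int) -> int:
    """X-bar: keep the low l bits of an element's integer form and set bit l.
    Folding only half of X into the exponent is what keeps the scheme cheap."""
    return (x % (1 << L)) + (1 << L)


def validate_public_key(y: int) -> bool:
    """Accept only elements of the order-q subgroup. Without this, a peer can
    send a small-order element (here p-1, of order 2) and learn bits of the
    victim's exponent (small-subgroup / key-recovery attacks, refs [1], [23])."""
    return 1 < y < P and pow(y, Q, P) == 1


def keygen(secret=None) -> tuple:
    """Return (private, public) with public = g^private mod p. A fixed secret
    may be supplied for deterministic tests; otherwise one is drawn from [1, q-1]."""
    s = secret if secret is not None else secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)


def mqv_shared_secret(a: int, x: int, X: int, B: int, Y: int) -> int:
    """One side's implicit shared-secret computation.
    a, (x, X): my static private key and my ephemeral key pair.
    B, Y:      the peer's static and ephemeral public keys.
    Both sides reach g^{h (x + Xbar a)(y + Ybar b)}: the static keys enter
    through the exponents, so authentication needs no signature and no extra pass."""
    if not (validate_public_key(B) and validate_public_key(Y)):
        raise ValueError("peer public key failed subgroup validation")
    s = (x + bar(X) * a) % Q                 # my implicit signature s = x + Xbar*a mod q
    t = (Y * pow(B, bar(Y), P)) % P          # Y * B^{Ybar} = g^{peer's s}
    z = pow(t, H * s, P)                     # cofactor h kills any small-order component
    if z == 1:
        raise ValueError("degenerate shared secret")
    return z


def derive_keys(z: int, id_a: bytes, id_b: bytes) -> tuple:
    """KDF (this example's choice): hash z with both identities, one standard
    mitigation for unknown-key-share attacks of the kind in ref [22].
    Returns (key-confirmation MAC key, session key)."""
    k = hashlib.sha256(b"MQV-example" + enc(z) + id_a + id_b).digest()
    return k[:16], k[16:]


def confirm_tag(k_mac: bytes, sender: bytes, receiver: bytes, X: int, Y: int) -> bytes:
    """Key-confirmation tag for the three-pass variant: HMAC over the roles and
    both ephemeral values, proving the sender derived the same MAC key."""
    return hmac.new(k_mac, sender + receiver + enc(X) + enc(Y), hashlib.sha256).digest()


def run_protocol(a, A, b, B, one_pass=False, x=None, y=None):
    """Drive the exchange between Alice (a, A) and Bob (b, B).
    Two-pass:   Alice -> X, Bob -> Y.
    One-pass:   only Alice is on-line; Bob's static key stands in for Y (and b for y).
    Three-pass: Bob's tag rides on pass 2 and Alice answers with hers on pass 3.
    Returns (Alice's session key, Bob's session key, confirmation result)."""
    x, X = keygen(x)                                   # pass 1: Alice sends X
    y, Y = (b, B) if one_pass else keygen(y)           # pass 2 (two-pass only): Bob sends Y
    z_a = mqv_shared_secret(a, x, X, B, Y)
    z_b = mqv_shared_secret(b, y, Y, A, X)
    ka_mac, ka = derive_keys(z_a, b"Alice", b"Bob")
    kb_mac, kb = derive_keys(z_b, b"Alice", b"Bob")
    if one_pass:
        return ka, kb, None                            # no confirmation: Bob never speaks
    tag_b = confirm_tag(kb_mac, b"Bob", b"Alice", Y, X)   # sent with pass 2
    tag_a = confirm_tag(ka_mac, b"Alice", b"Bob", X, Y)   # pass 3
    ok = (hmac.compare_digest(tag_b, confirm_tag(ka_mac, b"Bob", b"Alice", Y, X))
          and hmac.compare_digest(tag_a, confirm_tag(kb_mac, b"Alice", b"Bob", X, Y)))
    return ka, kb, ok


if __name__ == "__main__":
    a, A = keygen()
    b, B = keygen()
    ka, kb, ok = run_protocol(a, A, b, B)
    print("two/three-pass: keys match =", ka == kb, "confirmed =", ok)
    ka, kb, _ = run_protocol(a, A, b, B, one_pass=True)
    print("one-pass: keys match =", ka == kb)
    print("p-1 accepted as public key:", validate_public_key(P - 1))
```

Two points worth noticing when reading the code: the cofactor exponentiation and the explicit subgroup check are deliberately both present (the check rejects bad keys outright; the cofactor is the cheaper fallback the standards allow when validation is skipped), and the one-pass run returns no confirmation result because the off-line party never sends anything, which is exactly the property the abstract describes for that variant.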


References

  1. R. Anderson and S. Vaudenay, Minding your p's and q's, Advances in Cryptology - Asiacrypt '96, Lecture Notes in Computer Science, Vol. 1163, Springer-Verlag (1996) pp. 26–35.

  2. ANSI X9.42, Agreement of Symmetric Algorithm Keys Using Diffie-Hellman (2001).

  3. ANSI X9.62, The Elliptic Curve Digital Signature Algorithm (ECDSA) (1999).

  4. ANSI X9.63, Elliptic Curve Key Agreement and Key Transport Protocols (2001).

  5. M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, Advances in Cryptology - Crypto '96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag (1996) pp. 1–15.

  6. M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, In Proceedings of the 30th Annual ACM Symposium on the Theory of Computing (1998) pp. 419–428.

  7. M. Bellare and P. Rogaway, Entity authentication and key distribution, Advances in Cryptology - Crypto '93, Lecture Notes in Computer Science, Vol. 773, Springer-Verlag (1994) pp. 232–249.

  8. S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis, In Proceedings of the sixth IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science, Vol. 1355, Springer-Verlag (1997) pp. 30–45.

  9. M. Burmester, On the risk of opening distributed keys, Advances in Cryptology - Crypto '94, Lecture Notes in Computer Science, Vol. 839, Springer-Verlag (1994) pp. 308–317.

  10. R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, Advances in Cryptology - Eurocrypt 2001, Lecture Notes in Computer Science, Vol. 2045, Springer-Verlag (2001) pp. 453–474.

  11. D. Chaum, J.-H. Evertse and J. van de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, Advances in Cryptology - Eurocrypt '87, Lecture Notes in Computer Science, Vol. 304, Springer-Verlag (1988) pp. 127–141.

  12. Y. Desmedt and M. Burmester, Towards practical 'proven secure' authenticated key distribution, 1st ACM Conference on Computer and Communications Security (1993) pp. 228–231.

  13. W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22 (1976) pp. 644–654.

  14. W. Diffie, P. van Oorschot and M. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, Vol. 2 (1992) pp. 107–125.

  15. G. Frey and H. Rück, A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves, Mathematics of Computation, Vol. 62 (1994) pp. 865–874.

  16. K. C. Goss, Cryptographic method and apparatus for public key exchange with authentication, U.S. patent 4,956,865, September 11 (1990).

  17. IEEE P1363-2000, Standard Specifications for Public-Key Cryptography (2000).

  18. ISO/IEC 15946-3, Information Technology - Security Techniques - Cryptographic Techniques Based on Elliptic Curves, Part 3: Key Establishment (2002).

  19. D. Johnson, Contribution to ANSI X9F1 working group (1997).

  20. M. Just and S. Vaudenay, Authenticated multi-party key agreement, Advances in Cryptology - Asiacrypt '96, Lecture Notes in Computer Science, Vol. 1163, Springer-Verlag (1996) pp. 36–49.

  21. B. Kaliski, Contribution to ANSI X9F1 and IEEE P1363 working groups, June (1998).

  22. B. Kaliski, An unknown key-share attack on the MQV key agreement protocol, ACM Transactions on Information and System Security, Vol. 4 (2001) pp. 275–288.

  23. C. Lim and P. Lee, A key recovery attack on discrete log-based schemes using a prime order subgroup, Advances in Cryptology - Crypto '97, Lecture Notes in Computer Science, Vol. 1294, Springer-Verlag (1997) pp. 249–263.

  24. T. Matsumoto, Y. Takashima and H. Imai, On seeking smart public-key distribution systems, The Transactions of the IECE of Japan, Vol. E69 (1986) pp. 99–106.

  25. A. Menezes, T. Okamoto and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, Vol. 39 (1993) pp. 1639–1646.

  26. A. Menezes, M. Qu and S. Vanstone, Key agreement and the need for authentication, Presentation at PKS '95, Toronto, Canada, November (1995).

  27. C. Mitchell, M. Ward and P. Wilson, Key control in key agreement protocols, Electronics Letters, Vol. 34 (1998) pp. 980–981.

  28. National Institute of Standards and Technology, Secure Hash Standard (SHS), FIPS Publication 180-1, April (1995).

  29. National Institute of Standards and Technology, Digital Signature Standard (DSS), FIPS Publication 186-2 (1999).

  30. National Institute of Standards and Technology, Second key management workshop, November (2001).

  31. National Security Agency, SKIPJACK and KEA algorithm specification, Version 2.0, May 29 (1998).

  32. S. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, Vol. 24 (1978) pp. 106–110.

  33. J. Pollard, Monte Carlo methods for index computation mod p, Mathematics of Computation, Vol. 32 (1978) pp. 918–924.

  34. T. Satoh and K. Araki, Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, Commentarii Mathematici Universitatis Sancti Pauli, Vol. 47 (1998) pp. 81–92.

  35. I. Semaev, Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Mathematics of Computation, Vol. 67 (1998) pp. 353–356.

  36. V. Shoup, On formal models for secure key exchange, available from Theory of Cryptography Library, http://philby.ucsd.edu/cryptolib, April 1999. Revised November (1999).

  37. N. Smart, The discrete logarithm problem on elliptic curves of trace one, Journal of Cryptology, Vol. 12 (1999) pp. 193–196.

  38. J. Solinas, Low-weight binary representations for pairs of integers, Technical Report CORR 2001-48, Department of C&O, University of Waterloo (2001).

  39. P. van Oorschot and M. Wiener, On Diffie-Hellman key agreement with short exponents, Advances in Cryptology - Eurocrypt '96, Lecture Notes in Computer Science, Vol. 1070, Springer-Verlag (1996) pp. 332–343.

  40. Y. Yacobi, A key distribution paradox, Advances in Cryptology - Crypto '90, Lecture Notes in Computer Science, Vol. 537, Springer-Verlag (1991) pp. 268–273.


Cite this article

Law, L., Menezes, A., Qu, M. et al. An Efficient Protocol for Authenticated Key Agreement. Designs, Codes and Cryptography 28, 119–134 (2003). https://doi.org/10.1023/A:1022595222606
