Modular Security Proofs for Key Agreement Protocols

  • Caroline Kudla
  • Kenneth G. Paterson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3788)


The security of key agreement protocols has traditionally been notoriously hard to establish. In this paper we present a modular approach to the construction of proofs of security for a large class of key agreement protocols. By following a modular approach to proof construction, we hope to enable simpler and less error-prone analysis and proof generation for such key agreement protocols. The technique is compatible with Bellare-Rogaway style models as well as the more recent models of Bellare et al. and Canetti and Krawczyk. In particular, we show how the use of a decisional oracle can aid the construction of proofs of security for this class of protocols and how the security of these protocols commonly reduces to some form of Gap assumption.


  1. Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)
  2. Al-Riyami, S.S., Paterson, K.G.: Authenticated three party key agreement protocols from pairings. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 332–359. Springer, Heidelberg (2003)
  3. Barreto, P.S.L.M., McCullagh, N.: A new two-party identity-based authenticated key agreement. Cryptology ePrint Archive, Report 2004/122 (2005)
  4. Barreto, P.S.L.M., McCullagh, N.: A new two-party identity-based authenticated key agreement. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 262–274. Springer, Heidelberg (2005)
  5. Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the 30th Annual Symposium on the Theory of Computing, pp. 419–428. ACM, New York (1998)
  6. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  7. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
  8. Bellare, M., Rogaway, P.: Provably secure session key distribution: The three party case. In: Proceedings of the 27th Annual ACM Symposium on Theory of Computing (STOC), pp. 57–66. ACM, New York (1995)
  9. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)
  10. Boyd, C., Choo, K.-K.R., Hitchcock, Y.: On session key construction in provably-secure key establishment protocols. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 116–131. Springer, Heidelberg (2005)
  11. Boyd, C., Mao, W., Paterson, K.: Key agreement using statically keyed authenticators. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 388–401. Springer, Heidelberg (2004)
  12. Boyd, C., González Nieto, J.M., Hitchcock, Y.: Tripartite key exchange in the Canetti-Krawczyk proof model. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 388–401. Springer, Heidelberg (2004)
  13. Boyd, C., González Nieto, J.M., Hitchcock, Y., Montague, P., Tin, Y.S.T.: A password-based authenticator: Security proof and applications. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 388–401. Springer, Heidelberg (2003)
  14. Boyd, C., González Nieto, J.M., Tin, Y.S.T.: Provably secure mobile key exchange: Applying the Canetti-Krawczyk approach. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 166–179. Springer, Heidelberg (2003)
  15. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
  16. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)
  17. Chen, L., Kudla, C.: Identity based authenticated key agreement from pairings. Cryptology ePrint Archive, Report 2002/184 (2002)
  18. Chen, L., Kudla, C.: Identity based authenticated key agreement from pairings. In: IEEE Computer Security Foundations Workshop – CSFW-16 2003, pp. 219–233. IEEE Computer Society Press, Los Alamitos (2003)
  19. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2, 107–125 (1992)
  20. Jakobsson, M., Pointcheval, D.: Mutual authentication and key exchange protocol for low power devices. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 178–195. Springer, Heidelberg (2002)
  21. Jeong, I.R., Katz, J., Lee, D.H.: One-round protocols for two-party authenticated key exchange. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 220–232. Springer, Heidelberg (2004)
  22. Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)
  23. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.A.: An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 28(2), 119–134 (2003)
  24. Matsumoto, T., Takashima, Y., Imai, H.: On seeking smart public-key-distribution systems. Electronics Letters E69(2), 99–106 (1986)
  25. Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)
  26. Shoup, V.: On formal models for secure key exchange. IBM Technical Report RZ 3120 (1999)
  27. Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Electronics Letters 38(13), 630–632 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Caroline Kudla (1)
  • Kenneth G. Paterson (1)
  1. Information Security Group, Royal Holloway, University of London, UK