SAS-Based Authenticated Key Agreement

  • Sylvain Pasini
  • Serge Vaudenay
Conference paper

DOI: 10.1007/11745853_26

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)
Cite this paper as:
Pasini S., Vaudenay S. (2006) SAS-Based Authenticated Key Agreement. In: Yung M., Dodis Y., Kiayias A., Malkin T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg

Abstract

Key agreement protocols are frequently based on the Diffie-Hellman protocol but require authenticating the protocol messages in two ways. This can be made by a cross-authentication protocol. Such protocols, based on the assumption that a channel which can authenticate short strings is available (SAS-based), have been proposed by Vaudenay. In this paper, we survey existing protocols and we propose a new one. Our proposed protocol requires three moves and a single SAS to be authenticated in two ways. It is provably secure in the random oracle model. We can further achieve security with a generic construction (e.g. in the standard model) at the price of an extra move. We discuss applications such as secure peer-to-peer VoIP.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sylvain Pasini
    • 1
  • Serge Vaudenay
    • 1
  1. 1.EPFLLausanneSwitzerland

Personalised recommendations