Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

  • Ran Canetti
  • Hugo Krawczyk
Conference paper

DOI: 10.1007/3-540-44987-6_28

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2045)
Cite this paper as:
Canetti R., Krawczyk H. (2001) Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann B. (eds) Advances in Cryptology — EUROCRYPT 2001. EUROCRYPT 2001. Lecture Notes in Computer Science, vol 2045. Springer, Berlin, Heidelberg


We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links.

We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Ran Canetti
    • 1
  • Hugo Krawczyk
    • 2
  1. 1.IBM T.J. Watson Research CenterYorktown Heights
  2. 2.EE DepartmentTechnionHaifaIsrael

Personalised recommendations