One-Round Protocols for Two-Party Authenticated Key Exchange
Cryptographic protocol design in a two-party setting has often ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work.
We present a number of provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first protocol provides key independence only, and is analyzed in the random oracle model. This scheme matches the most efficient AKE protocols among those found in the literature. Our second scheme additionally provides forward secrecy, and is also analyzed in the random oracle model. Our final protocol provides the same strong security guarantees, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. These last two schemes are the first provably-secure one-round protocols for authenticated 2-party key exchange which provide forward secrecy.
KeywordsAuthenticated key exchange Forward secrecy Round complexity Diffie-Hellman key exchange
Unable to display preview. Download preview PDF.
- 1.Ankney, R., Johnson, D., Matyas, M.: The Unified Model. Contribution to ANSI X9F1 (October 1995)Google Scholar
- 3.Bellare, M., Canetti, R., Krawczyk, H.: A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In: Proc. 30th Annual Symposium on the Theory of Computing, pp. 419–428. ACM, New York (1998)Google Scholar
- 4.Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
- 6.Blake-Wilson, S., Johnson, D., Menezes, A.: Key Agreement Protocols and their Security Analysis. In: Sixth IMA International Conference on Cryptography and Coding, Conference on Cryptography and Coding, volume 1335, pages 30–45, vol. 1335, pp. 30–45. ACM, New York (1997)Google Scholar
- 12.Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. ACM Conference on Computer and Communications Security, 255–264 (2001)Google Scholar
- 19.Jeong, I.R., Katz, J., Lee, D.H.: Full version of this paper, Available at http://cist.korea.ac.kr/e_cist/e_index.htm
- 21.Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Advances in Cryptology — CRYPTO (2003)Google Scholar
- 22.Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An Efficient Protocol for Authenticated Key Agreement. Technical report CORR 98-05, University of Waterloo (1988)Google Scholar
- 23.Matsumoto, T., Takashima, Y., Imai, H.: On Seeking Smart Public-Key Distribution Systems. The Transactions of the IECE of Japan, E69, pp. 99–106 (1986)Google Scholar
- 24.National Security Agency. SKIPJACK and KEA algorithm specification. Version 2.0, May 29 (1998)Google Scholar
- 25.Shoup, V.: On Formal Models for Secure Key Exchange, Available at http://eprint.iacr.org
- 26.Steiner, M., Tsudik, G., Waidner, M.: Diffie-Hellman Key Distribution Extended to Group Communication. In: ACM Conference on Computer and Communications Security, pp. 31–37 (1996)Google Scholar
- 27.Tzeng, W.-G.: A Practical and Secure-Fault-Tolerant Conference-Key Agreement Protocol. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 1–13. Springer, Heidelberg (2000)Google Scholar