One-Round Protocols for Two-Party Authenticated Key Exchange

  • Ik Rae Jeong
  • Jonathan Katz
  • Dong Hoon Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3089)


Cryptographic protocol design in a two-party setting has often ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work.

We present a number of provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first protocol provides key independence only, and is analyzed in the random oracle model. This scheme matches the most efficient AKE protocols among those found in the literature. Our second scheme additionally provides forward secrecy, and is also analyzed in the random oracle model. Our final protocol provides the same strong security guarantees, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. These last two schemes are the first provably-secure one-round protocols for authenticated 2-party key exchange which provide forward secrecy.


Authenticated key exchange Forward secrecy Round complexity Diffie-Hellman key exchange 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ankney, R., Johnson, D., Matyas, M.: The Unified Model. Contribution to ANSI X9F1 (October 1995)Google Scholar
  2. 2.
    Ateniese, G., Steiner, M., Tsudik, G.: New Multi-Party Authentication Services and Key Agreement Protocols. IEEE Journal of Selected Areas in Communications 18(4), 628–639 (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In: Proc. 30th Annual Symposium on the Theory of Computing, pp. 419–428. ACM, New York (1998)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  5. 5.
    Bird, R., Gopal, I., Herzberg, A., Janson, P., Kutten, S., Molva, R., Yung, M.: Systematic Design of Two-Party Authentication Protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)CrossRefGoogle Scholar
  6. 6.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key Agreement Protocols and their Security Analysis. In: Sixth IMA International Conference on Cryptography and Coding, Conference on Cryptography and Coding, volume 1335, pages 30–45, vol. 1335, pp. 30–45. ACM, New York (1997)Google Scholar
  7. 7.
    Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman Key Agreement Protocols. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 339–361. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Boyd, C.: On Key Agreement and Conference Key Agreement. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, pp. 294–302. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  9. 9.
    Boyd, C., Nieto, J.M.G.: Round-Optimal Contributory Conference Key Agreement. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 161–174. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie-Hellman Key Exchange — The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic Group Diffie- Hellman Key Exchange under Standard Assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. ACM Conference on Computer and Communications Security, 255–264 (2001)Google Scholar
  13. 13.
    Burmester, M., Desmedt, Y.: A Secure and Efficient Conference Key Distribution System. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 275–286. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  14. 14.
    Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Denning, D., Sacco, G.M.: Timestamps in Key Distribution Protocols. Comm. ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar
  16. 16.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Diffie, W., van Oorschot, P., Wiener, M.: Authentication and Authenticated Key Exchanges. Cryptography 2(2), 107–125 (1992)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Ingemarasson, I., Tang, D.T., Wong, C.K.: A Conference Key Distribution System. IEEE Transactions on Information Theory 28(5), 714–720 (1982)CrossRefGoogle Scholar
  19. 19.
    Jeong, I.R., Katz, J., Lee, D.H.: Full version of this paper, Available at
  20. 20.
    Just, M., Vaudenay, S.: Authenticated Multi-Party Key Agreement. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 36–49. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  21. 21.
    Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Advances in Cryptology — CRYPTO (2003)Google Scholar
  22. 22.
    Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An Efficient Protocol for Authenticated Key Agreement. Technical report CORR 98-05, University of Waterloo (1988)Google Scholar
  23. 23.
    Matsumoto, T., Takashima, Y., Imai, H.: On Seeking Smart Public-Key Distribution Systems. The Transactions of the IECE of Japan, E69, pp. 99–106 (1986)Google Scholar
  24. 24.
    National Security Agency. SKIPJACK and KEA algorithm specification. Version 2.0, May 29 (1998)Google Scholar
  25. 25.
    Shoup, V.: On Formal Models for Secure Key Exchange, Available at
  26. 26.
    Steiner, M., Tsudik, G., Waidner, M.: Diffie-Hellman Key Distribution Extended to Group Communication. In: ACM Conference on Computer and Communications Security, pp. 31–37 (1996)Google Scholar
  27. 27.
    Tzeng, W.-G.: A Practical and Secure-Fault-Tolerant Conference-Key Agreement Protocol. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 1–13. Springer, Heidelberg (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ik Rae Jeong
    • 1
  • Jonathan Katz
    • 2
  • Dong Hoon Lee
    • 1
  1. 1.Center for Information Security Technologies (CIST)Korea UniversitySeoulKorea
  2. 2.Dept. of Computer ScienceUniversity of MarylandCollege ParkUSA

Personalised recommendations