Reusing Static Keys in Key Agreement Protocols

  • Sanjit Chatterjee
  • Alfred Menezes
  • Berkant Ustaoglu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5922)

Abstract

Contrary to conventional cryptographic wisdom, the NIST SP 800-56A standard explicitly allows the use of a static key pair in more than one of the key establishment protocols described in the standard. In this paper, we give examples of key establishment protocols that are individually secure, but which are insecure when static key pairs are reused in two of the protocols. We also propose an enhancement of the extended Canetti-Krawczyk security model and definition for the situation where static public keys are reused in two or more key agreement protocols.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    ANSI X9.42, Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, American National Standards Institute (2003)Google Scholar
  2. 2.
    ANSI X9.63, Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography, American National Standards Institute (2001)Google Scholar
  3. 3.
    Anderson, R., Needham, R.: Robustness principles for public key protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 236–247. Springer, Heidelberg (1995)Google Scholar
  4. 4.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Boyd, C., Cliff, Y., Nieto, J., Paterson, K.: Efficient one-round key exchange in the standard model. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 69–83. Springer, Heidelberg (2008), http://eprint.iacr.org/2008/007 CrossRefGoogle Scholar
  7. 7.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001), http://eprint.iacr.org/2001/040 CrossRefGoogle Scholar
  8. 8.
    Chatterjee, S., Menezes, A., Ustaoglu, B.: Reusing static keys in key agreement protools (full version), Technical Report CACR 2009-36, http://www.cacr.math.uwaterloo.ca/techreports/2009/cacr2009-36.pdf
  9. 9.
    Coron, J., Joye, M., Naccache, D., Paillier, P.: Universal padding schemes for RSA. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 226–241. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Gligoroski, D., Andova, S., Knapskog, S.: On the importance of the key separation principle for different modes of operation. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 404–418. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Lauter, K., Mityagin, A.: Security analysis of KEA authenticated key exchange. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 378–394. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 28, 119–134 (2003)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Matsumoto, T., Takashima, Y., Imai, H.: On seeking smart public-key distribution systems. The Transactions of the IECE of Japan E69, 99–106 (1986)Google Scholar
  18. 18.
    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)MATHGoogle Scholar
  19. 19.
    Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: Proceedings of ASIACCS 2008, pp. 261–270. ACM Press, New York (2008)CrossRefGoogle Scholar
  20. 20.
    Menezes, A., Ustaoglu, B.: Comparing the pre- and post-specified peer models for key agreement. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 53–68. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    NIST, SKIPJACK and KEA Algorithm Specifications (1998), http://csrc.nist.gov/groups/ST/toolkit/documents/skipjack/skipjack.pdf
  22. 22.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13, 361–396 (2000)MATHCrossRefGoogle Scholar
  23. 23.
    SP 800-56A, Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), National Institute of Standards and Technology (March 2007)Google Scholar
  24. 24.
    Vasco, M., Hess, F., Steinwandt, R.: Combined (identity-based) public key schemes, Cryptology ePrint Archive Report 2008/466, http://eprint.iacr.org/2008/466

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Sanjit Chatterjee
    • 1
  • Alfred Menezes
    • 1
  • Berkant Ustaoglu
    • 2
  1. 1.Department of Combinatorics & OptimizationUniversity of Waterloo 
  2. 2.NTT Information Sharing Platform LaboratoriesTokyoJapan

Personalised recommendations