Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols

  • Sanjit Chatterjee
  • Alfred Menezes
  • Berkant Ustaoglu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)


The unified model (UM) is a family of key agreement protocols that has been standardized by ANSI and NIST. The NIST standard explicitly permits the reuse of a static key pair among the one-pass and three-pass UM protocols. However, a recent study demonstrated that such reuse can lead to security vulnerabilities. In this paper we revisit the security of the one- and three-pass UM protocols when static key pairs are reused. We propose a shared security model that incorporates the individual security attributes of the two protocols. We then show, provided appropriate measures are taken, that the protocols are secure even when static key pairs are reused.


Keywords: Random Oracle, Security Model, Negligible Probability, Protocol Description, Matching Session
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Sanjit Chatterjee (1)
  • Alfred Menezes (1)
  • Berkant Ustaoglu (2)
  1. Department of Combinatorics & Optimization, University of Waterloo, Canada
  2. NTT Information Sharing Platform Laboratories, Tokyo, Japan
