A Generic Variant of NIST’s KAS2 Key Agreement Protocol
We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.
KeywordsRandom Oracle Incoming Message Matching Session Fresh Session
Unable to display preview. Download preview PDF.
- 1.ANSI X9.44, Public Key Cryptography for the Financial Services Industry: Key Establishment Using Integer Factorization Cryptography, American National Standards Institute (2007)Google Scholar
- 6.Chatterjee, S., Menezes, A., Ustaoglu, B.: Reusing static keys in key agreement protocols. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 39–56. Springer, Heidelberg (2009), http://www.cacr.math.uwaterloo.ca/techreports/2009/cacr2009-36.pdf CrossRefGoogle Scholar
- 8.Chatterjee, S., Menezes, A., Ustaoglu, B.: A generic variant of NIST’s KAS2 key agreement protocol, full version, Technical Report CACR 2011-09, http://www.cacr.math.uwaterloo.ca/techreports/2011/cacr2011-09.pdf
- 9.FIPS 186-3, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-3, National Institute of Standards and Technology (2009)Google Scholar
- 14.Matsumoto, T., Takashima, Y., Imai, H.: On seeking smart public-key distribution systems. The Transactions of the IECE of Japan E69, 99–106 (1986)Google Scholar
- 16.SP 800-56A, Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), National Institute of Standards and Technology (March 2007)Google Scholar
- 17.SP 800-56B, Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, National Institute of Standards and Technology (August 2009)Google Scholar