Security Requirements for Key Establishment Proof Models: Revisiting Bellare–Rogaway and Jeong–Katz–Lee Protocols

  • Kim-Kwang Raymond Choo
  • Yvonne Hitchcock
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


We observe that the definitions of security in the computational complexity proof models of Bellare & Rogaway (1993) and Canetti & Krawczyk (2001) require two partners, in the presence of a malicious adversary, to accept the same session key, which we term a key sharing requirement. We then revisit the Bellare–Rogaway three-party key distribution (3PKD) protocol and the Jeong–Katz–Lee two-party authenticated key exchange protocol \(\mathcal{TS}2\), which carry claimed proofs of security in the Canetti & Krawczyk (2001) model and the Bellare & Rogaway (1993) model respectively. We reveal previously unpublished flaws in these protocols, demonstrating that both fail to satisfy the definition of security in their respective models. We present a new 3PKD protocol as an improvement, with a proof of security in the Canetti & Krawczyk (2001) model, and a simple fix to the specification of protocol \(\mathcal{TS}2\). We also identify several variants of the key sharing requirement and discuss them briefly.






  1. Backes, M.: A Cryptographically Sound Dolev-Yao Style Security Proof of the Needham–Schroeder–Lowe Public-Key Protocol. IEEE Journal on Selected Areas in Communications 22(10), 2075–2086 (2004)
  2. Bauer, R.K., Berson, T.A., Feiertag, R.J.: A Key Distribution Protocol Using Event Markers. ACM Transactions on Computer Systems 1(3), 249–255 (1983)
  3. Bellare, M., Canetti, R., Krawczyk, H.: A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In: Vitter, J. (ed.) 30th ACM Symposium on the Theory of Computing (STOC 1998), pp. 419–428. ACM Press, New York (1998)
  4. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  5. Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 110–125. Springer, Heidelberg (1994)
  6. Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: Leighton, F.T., Borodin, A. (eds.) 27th ACM Symposium on the Theory of Computing (STOC 1995), pp. 57–66. ACM Press, New York (1995)
  7. Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems, pp. 18–36. ACM Press (1990)
  8. Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). (Extended version available from
  9. Choo, K.-K.R., Boyd, C., Hitchcock, Y., Maitland, G.: On Session Identifiers in Provably Secure Protocols: The Bellare–Rogaway Three-Party Key Distribution Protocol Revisited. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 352–367. Springer, Heidelberg (2005). (Extended version available from
  10. Thayer Fábrega, F.J., Herzog, J.C., Guttman, J.D.: Strand Spaces: Proving Security Protocols Correct. Journal of Computer Security 7, 191–230 (1999)
  11. Jeong, I.R., Katz, J., Lee, D.H.: One-Round Protocols for Two-Party Authenticated Key Exchange. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 220–232. Springer, Heidelberg (2004)
  12. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. The CRC Press Series on Discrete Mathematics and Its Applications. CRC Press, Boca Raton (1997)
  13. Otway, D., Rees, O.: Efficient and Timely Mutual Authentication. ACM Operating Systems Review 21(1), 8–10 (1987)
  14. Stern, J., Pointcheval, D., Malone-Lee, J., Smart, N.: Flaws in Applying Proof Methodologies to Signature Schemes. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 93–110. Springer, Heidelberg (2002)
  15. Tin, Y.S.T., Boyd, C., Gonzalez-Nieto, J.M.: Provably Secure Key Exchange: An Engineering Approach. In: Australasian Information Security Workshop Conference on ACSW Frontiers 2003. Conferences in Research and Practice in Information Technology, vol. 21. Australian Computer Society (2003)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Kim-Kwang Raymond Choo (1)
  • Yvonne Hitchcock (1)
  1. Information Security Institute, Queensland University of Technology, Brisbane, Australia
