Errors in Computational Complexity Proofs for Protocols

  • Kim-Kwang Raymond Choo
  • Colin Boyd
  • Yvonne Hitchcock
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3788)


Proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. However, several instances of undetected flaws in the proofs of protocols (resulting in flawed protocols) undermine the credibility of provably-secure protocols. In this work, we examine several protocols with claimed proofs of security by Boyd & González Nieto (2003), Jakobsson & Pointcheval (2001), and Wong & Chan (2001), and an authenticator by Bellare, Canetti, & Krawczyk (1998). Using these protocols as case studies, we reveal previously unpublished flaws in these protocols and their proofs. We hope our analysis will enable similar mistakes to be avoided in the future.




  1. An, J.H., Dodis, Y., Rabin, T.: On the Security of Joint Signature and Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83–107. Springer, Heidelberg (2002)
  2. Bellare, M., Canetti, R., Krawczyk, H.: A Modular Approach to The Design and Analysis of Authentication and Key Exchange Protocols. In: STOC 1998, pp. 419–428. ACM Press, New York (1998)
  3. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
  4. Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
  5. Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: STOC 1995, pp. 57–66. ACM Press, New York (1995)
  6. Bleichenbacher, D.: Breaking a Cryptographic Protocol with Pseudoprimes. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 9–15. Springer, Heidelberg (2005)
  7. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)
  8. Boyd, C., González Nieto, J.M.: Round-optimal Contributory Conference Key Agreement. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 161–174. Springer, Heidelberg (2002)
  9. Bresson, E., Chevassut, O., Pointcheval, D.: Provably Authenticated Group Diffie–Hellman Key Exchange – The Dynamic Case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 209–223. Springer, Heidelberg (2001)
  10. Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001); (Extended version available from
  11. Choo, K.-K.R., Boyd, C., Hitchcock, Y.: On Session Key Construction in Provably Secure Protocols. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 116–131. Springer, Heidelberg (2005); (Extended version available from
  12. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and Authenticated Key Exchange. Journal of Designs, Codes and Cryptography, 107–125 (1992)
  13. Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 198–208 (1983)
  14. Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences, 270–299 (1984)
  15. Hitchcock, Y., Tin, Y.-S.T., Boyd, C., González Nieto, J.M.: Tripartite Key Exchange in the Canetti-Krawczyk Proof Model. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 17–32. Springer, Heidelberg (2004); (Extended version available from
  16. Hitchcock, Y., Tin, Y.-S.T., Boyd, C., González Nieto, J.M., Montague, P.: A Password-Based Authenticator: Security Proof and Applications. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 388–401. Springer, Heidelberg (2003)
  17. Hwang, Y.H., Yum, D.H., Lee, P.J.: EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727. Springer, Heidelberg (2003)
  18. Jakobsson, M., Pointcheval, D.: Mutual Authentication and Key Exchange Protocol for Low Power Devices. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 169–186. Springer, Heidelberg (2002)
  19. Kaliski, B.S.: An Unknown Key-Share Attack on the MQV Key Agreement Protocol. ACM Transactions on Information and System Security (TISSEC), 275–288 (2001)
  20. Koblitz, N., Menezes, A.: Another Look at Provable Security. Technical report CORR 2004-20, Centre for Applied Cryptographic Research, University of Waterloo, Canada (2004)
  21. Krawczyk, H.: SKEME: A Versatile Secure Key Exchange Mechanism for Internet. In: NDSS 1996, pp. 114–127. IEEE Internet Society Press, Los Alamitos (1996)
  22. Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005); (Extended version available from
  23. Kwon, T.: Authentication and Key Agreement via Memorable Passwords. In: Juels, A., Brainard, J. (eds.) NDSS 2001. Internet Society Press (2001)
  24. Rogaway, P.: On the Role of Definitions in and Beyond Cryptography. In: Maher, M.J. (ed.) ASIAN 2004. LNCS, vol. 3321, pp. 13–32. Springer, Heidelberg (2004)
  25. Wan, Z., Wang, S.: Cryptanalysis of Two Password-Authenticated Key Exchange Protocols. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 164–175. Springer, Heidelberg (2004)
  26. Wong, D.S., Chan, A.H.: Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 272–289. Springer, Heidelberg (2001)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Kim-Kwang Raymond Choo (1)
  • Colin Boyd (1)
  • Yvonne Hitchcock (1)

  1. Information Security Institute, Queensland University of Technology, Brisbane, Australia
