Efficient Authenticators with Application to Key Exchange

  • Shaoquan Jiang
  • Guang Gong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


The notion of authenticator, proposed by Bellare et al., is to transform a protocol secure in the authenticated-link model to a new one secure in the unauthenticated-link model. This notion admits a modular design and analysis of cryptographic protocols and thus greatly simplifies the underlying tasks. However, all previous authenticators are constructed via a so called MT-authenticator. This kind of authenticator authenticates each message independently. Thus, the round complexity of the resulting protocol is amplified by a multiplicative factor. In this paper, we propose two efficient authenticators which authenticate the protocol as a whole and the round complexity of the resulting protocol increases only by at most an additively small number. We also construct a very efficient key exchange protocol. Our protocol is provably secure under the general cryptographic assumption (especially without a concrete hardness assumption such as DDH or RSA). Of an independent interest, our security proof lies in the emulation based ideal-real model, instead of the widely adopted (seemingly weaker) SK-security. To our knowledge, this is the first protocol of its kind. It is worth mentioning that all our constructions are obtained by improving the related protocols of Bellare et al. [1].


Local Output Cryptographic Protocol Security Proof Incoming Message Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: STOC 1998, pp. 419–428 (1998)Google Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Provably secure session key distribution - the three party case. In: STOC 1995 (1995)Google Scholar
  4. 4.
    Boyd, C., Mao, W., Paterson, K.: Key Agreement Using Statically Keyed Authenticators. In: Jakobsson, M., et al. (eds.) ACNS 2004. LNCS, vol. 3809, pp. 248–262. Spinger, Heidelberg (2004)Google Scholar
  5. 5.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proceedings of the 34th Annual ACM Symposium on Theory of Computing, Montreal, Quebec, Canada, May 19-21, pp. 494–503 (2002)Google Scholar
  7. 7.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42th Symposium on Foundations of Computer Science, FOCS 2001, Las Vegas, Nevada, USA, October 14-17, pp. 136–145 (2001)Google Scholar
  8. 8.
    Choo, K., Boyd, C., Hitchcock, Y.: Errors in Computational Complexity Proofs for Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 624–643. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable Cryptography, STOC 1991. SIAM J. on Computing 30(2), 391–437 (2000) (full version)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Goldreich, O., Goldwasser, S., Micali, S.: Foundations of Cryptography: Basic Applications. Cambridge University Press, Cambridge (2004)CrossRefGoogle Scholar
  12. 12.
    Goldreich, O., Goldwasser, S., Micali, S.: On the cryptographic applications of random functions. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 276–288. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  13. 13.
    Jiang, S., Gong, G.: Based Key Exchange with Mutual Authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 271–283. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Jiang, S., Gong, G.: Efficient Authenticators with Application to Key Exchange. Full paper of this work, available at: http://calliope.uwaterloo.ca/~jiangshq
  15. 15.
    Katz, J., Yung, M.: Scalable Protocols for Authenticated Group Key Exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Rackoff, C.: Some definitions, protocols, proofs about secure authentications. In: IBM CASCON 1992 (1992)Google Scholar
  17. 17.
    Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  18. 18.
    Raimondo, M., Gennaro, R.: New Approaches for Deniable Authentication, IACR eprint, 2005/046, Available at: http://eprint.iacr.org/2005/046
  19. 19.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of ACM 2, 120–126 (1978)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC 1990, pp. 387–394 (1990)Google Scholar
  21. 21.
    Shoup, V.: On Formal Models for Secure Key Exchange, Theory of Cryptography Library (1999), Available at: http://philby.ucsd.edu/cryptolib/1999.html
  22. 22.
    Tin, Y., Vasanta, H., Boyd, C., Nieto, J.: Protocols with Security Proofs for Mobile Applications. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 358–369. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Shaoquan Jiang
    • 1
    • 2
  • Guang Gong
    • 2
  1. 1.Department of Computer ScienceUniversity of Electronic Science and Technology of ChinaChengDuChina
  2. 2.Department of Electrical and Computer EngineeringUniversity of WaterlooCanada

Personalised recommendations