Abstract
Zero Knowledge (ZK) theory formed the basis for practical identification and signature cryptosysems (invented by Fiat and Shamir). It also was used to construct a key distribution scheme (invented by Bauspiess and Knobloch); however, it seems that the ZK concept is less appropriate for key distribution systems (KDS), where the main cost is the number of communications. We propose relaxed criteria for the security of KDS, which we assert are sufficient, and present a system which meets most of the criteria. Our system is not ZK (it leaks few bits), but in return it is very simple. It is a Diffie-Hellman variation. Its security is equivalent to RS A, but it runs faster.
Our definition for the security of KDS is based on a new definition of security for one-way functions recently proposed by Goldreich and Levin. For a given system and given cracking- algorithm, I, the cracking rate is roughly the average of the inverse of the running-time over all instances (if on some instance it fails, that inverse is zero). If there exists a function s:N→N, s.t. for all I, the cracking-rate for security parameter n is O (1)/s(n), then we say that the system has at least security s. We use this concept to define the security of KDS for malicious adversary (the passive adversary is a special case). Our definition of a malicious adversary is relatively restricted, but we assert it is general enough for KDS. This restriction enables the proof of security results for simple and practical systems. We further modify the definition to allow past keys and their protocol messages in the input data to a cracking algorithm. The resulting security functi on is called the “amortized security” of the system. This is justified by current usage of KDS, where the keys are often used with cryptosystems of moderate strength. We demonstrate the above properties on some Diffie-Hellman KDS variants which also authenticate the parties. In particular, we give evidence that one of the variants has super-polynomial security against any malicious adversary, assuming RSA modulus is hard to factor. We also give evidence that its amortized security is super-polynomial. (The original DH scheme does not authenticate, and the version with public directory has a fixed key, i.e. zero amortized security.)
Chapter PDF
References
Ben-David, S., Chor, B., Goldreich, O., Luby, M.: “On the Theory of Average Case Complexity”, STOC, 1989 pp. 204–216.
Bauspiess, F., Knobloch, H.: “How to Keep Authenticity Alive in a Computer Network”, Eurocrypt’89.
Dolev, D., Even, E., Karp, R.M.: “On the Security of Ping-Pong Protocols”, Information and Control, Vol. 55, Nos 1–3, Nov. Dec. 1982, pp. 57–68.
Diffie, W., Hellman, M.: “New Directions In Cryptography”, IEEE Trans. on Inf. Theory, 1976, IT-22, pp. 644–654.
Fiat, A., Shamir, A.: “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”, Proceedings of Crypto 86.
Günther, C.G.: “Diffie-Hellman and El-Gamal Protocols With One Single Authentication Key”, Eurocrypt’89.
Galil, Z., Haber, S., Yung, M.: “Minimum-Knowledge Interactive Proofs for Decision Problems”, SIAM J. on Computers Vol. 18, No. 4, Aug. 1989.
Goldreich, O., Levin, A.L.: “A Hard-Core Predicate for All One-Way Functions”, STOC’89, pp. 25–32.
Goldwasser, S., Micali, S.,: “Probabilistic Encryption”, JCSS, Vol. 28, No. 2, 1984, pp. 270–279.
Goldwasser, S., Micali, S., Rackoff, C: “The knowledge Complexity of Interactive Proof Systems”, Proc. 17th ACM Symposium on Theory of Computing 1985, and SIAM 1989.
Goldreich, O., Micali, S., Wigderson, A.: “How to Play Any Mental Game”, Proc. STOC 1987, pp 218–229
Hopcroft, J.E., Ullman, J.D.: “Introduction to automata theory, languages, & computation” Addison-Wesley, 1979
Koyama, K., Ohta, K.: “Identity Based Conference Key Distribution Systems”, Proc. Crypto’87.
McCurley, K.S.: “A Key Distribution System Equivalent to Factoring”, J. of Cryptology, Vol.1, No. 2, 1988, pp. 95–106.
Matsumoto, T., Takashima, Y., Imai, H.: “On Seeking Smart Public-Key-Distribution Systems”, Trans. of IECE Japan Vo. E 69, No. 2, Feb 1986.
Okamoto, E.: “Proposal for Identity-Based Key Distribution Systems”, Electronic Letters 1986, 22, pp. 1283,1284.
Rivest, R.L., Shamir, A., and Adelman, L.: “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Commun. ACM 1978, 21, pp. 120–126.
Shmuely, Z.: “Composite Diffie-Hellman Public-Key Generating Systems Are Hard to Break”, TR #356, Computer Science Dept. Technion, IIT, Feb. 1985.
Yacobi, Y.: “Attack on The Koyama-Ohta Identity Based Key-Distribution System”, Proc. Crypto’87.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1990 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yacobi, Y., Shmuely, Z. (1990). On Key Distribution Systems. In: Brassard, G. (eds) Advances in Cryptology — CRYPTO’ 89 Proceedings. CRYPTO 1989. Lecture Notes in Computer Science, vol 435. Springer, New York, NY. https://doi.org/10.1007/0-387-34805-0_32
Download citation
DOI: https://doi.org/10.1007/0-387-34805-0_32
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-97317-3
Online ISBN: 978-0-387-34805-6
eBook Packages: Springer Book Archive