Abstract
Designing authenticated key exchange algorithms is a problem well understood in cryptography: there are established security models, and proposals proved secure in these models. However, models currently used assume that a honest entity involved in a key exchange is trusted as a whole. In many practical contexts, the entity is divided in an authentication device storing a private key and having low computing power, and a computing device, that performs part of the computations required by protocol runs. The computing device might be a PC connected to the Internet, and the authenticating device a smart card. In that case as well in many others, a compromise of the computing device is to be expected. We therefore propose a variant of the MQV and HMQV key exchange protocols secure in that context, unlike the original protocols. The security claim is supported by a proof in a model derived from the Canetti-Krawczyk one, which takes into account more general rogue behaviours of the computing device.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Béguin, P., Quisquater, J.-J.: Fast Server-Aided RSA Signatures Secure against Active Attacks. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 57–69. Springer, Heidelberg (1995)
Bellare, M., Canetti, R., Krawczyk, H.: A modular Approach to the design and Analysis of Authentication and Key Exchange Protocols (extended abstract). In: STOC 1998, pp. 419–428. ACM Press, New York (1998)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: A Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory (1976)
Hohenberger, S., Lysyanskaya, A.: How to Securely Outsource Cryptographic Computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)
Kaliski Jr., B.S.: An Unknown Key-share Attack on the MQV Key Agreement Protocol. ACM Trans. Inf. Syst. Secur. 4(3), 275–288 (2001)
Krawczyk, H.: SIGMA: The ‘SIGn-and-MAc’ Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003)
Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)
Matsumoto, T., Kato, K., Imai, H.: Speeding up Secret Computations with Insecure Auxiliary Devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 497–506. Springer, Heidelberg (1990)
Matsumoto, T., Takashima, Y., Imai, H.: On Seeking Smart Public-key Distribution Systems. Transactions of the IECE of Japan E69, 99–106 (1986)
Menezes, A.: Another Look at HMQV. Cryptology ePrint archive, Report 2005/205, Available at: http://eprint.iacr.org
Menezes, A., Qu, M., Vanstone, S.: Some New Key Agreement Protocols Providing Mutual Implicit Authentication. In: Workshop on Selected Areas in Cryptography (SAC 1995), pp. 22–32 (1995)
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be Improved? Complexity Trade-Offs with the Digital Signature Standard. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 77–85. Springer, Heidelberg (1995)
Nguyên, P.Q., Stern, J.: The Béguin-Quisquater Server-Aided RSA Protocol from Crypto 1995 is not Secure. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 372–379. Springer, Heidelberg (1998)
Nguyên, P.Q., Stern, J.: The Two Faces of Lattices in Cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001)
Chevassut, O., Fouque, P.-A., Gaudry, P., Pointcheval, D.: Key Derivation and Randomness Extraction. Cryptology ePrint archive, Report 2005/061, Available at: http://eprint.iacr.org
Pfitzmann, B., Waidner, M.: Attacks on Protocols for Server-Aided RSA Computation. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 153–162. Springer, Heidelberg (1993)
Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology 13(3), 361–369 (2000)
Shoup, V., Rubin, A.: Session Key Distribution Using Smart Cards. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 321–331. Springer, Heidelberg (1996)
Standard for Efficient Cryptography Website, http://www.secg.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kunz-Jacques, S., Pointcheval, D. (2006). A New Key Exchange Protocol Based on MQV Assuming Public Computations. In: De Prisco, R., Yung, M. (eds) Security and Cryptography for Networks. SCN 2006. Lecture Notes in Computer Science, vol 4116. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11832072_13
Download citation
DOI: https://doi.org/10.1007/11832072_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38080-1
Online ISBN: 978-3-540-38081-8
eBook Packages: Computer ScienceComputer Science (R0)