New Modular Compilers for Authenticated Key Exchange

  • Yong Li
  • Sven Schäge
  • Zheng Yang
  • Christoph Bader
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8479)


We present two new compilers that generically turn passively secure key exchange protocols (KE) into authenticated key exchange protocols (AKE) whose security also holds in the presence of active adversaries. Security is shown in a very strong security model in which the adversary is additionally allowed to i) reveal state information of the protocol participants and ii) launch theoretically and practically important PKI-related attacks that model important classes of unknown-key share attacks. Although the security model is much stronger, our compilers are more efficient than previous results with respect to many important metrics, such as the additional number of protocol messages and moves, the additional computational resources required by the compiler, and the number of additional primitives applied. Moreover, we advertise a mechanism for implicit key confirmation. From a practical point of view, the solution is simple and efficient enough for authenticated key exchange. In contrast to previous results, another interesting aspect is that we do not require the key computed by the key exchange protocol to be handed over to the compiler, which helps to avoid additional and costly modifications of existing KE-based systems.


Keywords: Protocol Compiler, Authenticated Key Exchange, Security Model



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yong Li (1)
  • Sven Schäge (2)
  • Zheng Yang (1, 3)
  • Christoph Bader (1)
  • Jörg Schwenk (1)

  1. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
  2. University College London, United Kingdom
  3. Chongqing University of Technology, China
