New Modular Compilers for Authenticated Key Exchange
We present two new compilers that generically turn passively secure key exchange protocols (KE) into authenticated key exchange protocols (AKE) where security also holds in the presence of active adversaries. Security is shown in a very strong security model where the adversary is also allowed to i) reveal state information of the protocol participants and ii) launch theoretically and practically important PKI-related attacks that model important classes of unknown-key share attacks. Although the security model is much stronger, our compilers are more efficient than previous results with respect to many important metrics like the additional number of protocol messages and moves, the additional computational resources required by the compiler, or the number of additional primitives applied. Moreover, we advertise a mechanism for implicit key confirmation. From a practical point of view, the solution is simple and efficient enough for authenticated key exchange. Another interesting aspect is that, in contrast to previous results, we do not require that the key computed by the key exchange protocol be handed over to the compiler, which helps to avoid additional and costly modifications of existing KE-based systems.
Keywords: Protocol Compiler, Authenticated Key Exchange, Security Model