sHMQV: An Efficient Key Exchange Protocol for Power-Limited Devices
In this paper we focus on designing authenticated key exchange protocols for practical scenarios where a party consists of a powerful but untrusted host (e.g., PC, mobile phone, etc.) and a power-limited but trusted device (e.g., Trusted Platform Module, Mobile Trusted Module, Smart Card, etc.). The HMQV and (s,r)OAKE protocols are the state of the art in combining security and efficiency. However, we find that they are not suitable for the above scenarios, because all (or part) of the online exponentiation computations must be performed in the power-limited trusted device, which makes them inefficient to deploy in practice.
To overcome this inefficiency, we propose a variant of the HMQV protocol, denoted sHMQV, based on new design rationales that bring the following advantages: 1) the validation of the ephemeral public keys, which costs one exponentiation, is eliminated; 2) the power-limited trusted device performs only one exponentiation, which can be pre-computed offline; 3) all the online exponentiation computations can be performed in the powerful host. These advantages give sHMQV better performance than HMQV and (s,r)OAKE, especially when deployed in the scenarios considered in this paper. Finally, we formally prove the security of sHMQV in the CK model.
Keywords: Authenticated Key Exchange, CK model, Security Analysis, Power-limited Devices