sHMQV: An Efficient Key Exchange Protocol for Power-Limited Devices

  • Shijun Zhao
  • Qianying Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


In this paper we focus on designing authenticated key exchange protocols for practical scenarios where a party consists of a powerful but untrusted host (e.g., a PC or mobile phone) and a power-limited but trusted device (e.g., a Trusted Platform Module, Mobile Trusted Module or smart card). HMQV and the (s,r)OAKE protocols are the state of the art in combining security and efficiency. However, we find that they are not suitable for the above scenarios, because all (or part) of the online exponentiations must be performed inside the power-limited trusted device, which makes them inefficient to deploy in practice.

To overcome this inefficiency, we propose a variant of the HMQV protocol, denoted sHMQV, built on some new design rationales that bring the following advantages: 1) the validation of the ephemeral public keys, which costs one exponentiation, is eliminated; 2) the power-limited trusted device performs only one exponentiation, and that one can be pre-computed offline; 3) all online exponentiations can be performed in the powerful host. These advantages give sHMQV better performance than HMQV and (s,r)OAKE, especially when deployed in the scenarios considered in this paper. Finally, we formally prove the security of sHMQV in the CK model.
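As an added illustration (not the paper's code, and not sHMQV, whose construction the abstract does not give): a toy run of standard HMQV that marks the three online exponentiations the abstract refers to, including the one whose exponent mixes the long-term secret with the ephemeral one and therefore cannot leave the device holding that secret. The group parameters, identities and the reduction of the hash modulo q are constructed assumptions for demonstration only.

```python
import hashlib
import secrets

# Toy group (constructed for illustration, far too small for real use):
# safe prime p = 2q + 1; g = 4 generates the order-q subgroup of QR mod p.
P, Q, G = 1019, 509, 4


def hbar(eph_pub: int, peer_id: str) -> int:
    """HMQV's H-bar: hash an ephemeral value with the peer identity, reduce mod q."""
    digest = hashlib.sha256(f"{eph_pub}|{peer_id}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def keygen() -> tuple[int, int]:
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def validate_ephemeral(pub: int) -> bool:
    """Subgroup check HMQV performs on the peer's ephemeral value: costs one exponentiation."""
    return 1 < pub < P and pow(pub, Q, P) == 1


def hmqv_session_key(my_id, my_lt_priv, my_eph_priv, my_eph_pub,
                     peer_id, peer_lt_pub, peer_eph_pub) -> bytes:
    """One party's HMQV computation; the formula is symmetric, so both sides use it.

    For initiator A: sigma = (Y * B^e)^(x + d*a), d = hbar(X, B_id), e = hbar(Y, A_id).
    """
    if not validate_ephemeral(peer_eph_pub):       # exponentiation 1: online, public input
        raise ValueError("peer ephemeral value is not in the prime-order subgroup")
    my_coeff = hbar(my_eph_pub, peer_id)
    peer_coeff = hbar(peer_eph_pub, my_id)
    # exponentiation 2: online, but uses only public values, so a host could do it
    base = (peer_eph_pub * pow(peer_lt_pub, peer_coeff, P)) % P
    # exponentiation 3: the exponent combines the long-term secret with the ephemeral
    # secret and depends on the peer's fresh value, so it is online AND must run
    # wherever my_lt_priv lives (the trusted device in the abstract's scenario).
    exponent = (my_eph_priv + my_coeff * my_lt_priv) % Q
    sigma = pow(base, exponent, P)
    return hashlib.sha256(str(sigma).encode()).digest()


def run_exchange() -> tuple[bytes, bytes]:
    """Full two-party run; returns both derived keys so they can be compared."""
    a, A = keygen(); b, B = keygen()   # long-term keys of Alice and Bob
    x, X = keygen(); y, Y = keygen()   # fresh ephemeral keys for this session
    k_a = hmqv_session_key("Alice", a, x, X, "Bob", B, Y)
    k_b = hmqv_session_key("Bob", b, y, Y, "Alice", A, X)
    return k_a, k_b
```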


Keywords: Authenticated Key Exchange, CK model, Security Analysis, Power-limited Devices





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Institute of Software, Chinese Academy of Sciences (ISCAS), Beijing, China
