mOT+: An Efficient and Secure Identity-Based Diffie-Hellman Protocol over RSA Group

  • Baoping Tian
  • Fushan Wei
  • Chuangui Ma
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)


In 2010, Rosario Gennaro et al. revisited the old and elegant Okamoto-Tanaka scheme and presented a variant of it called mOT. However, compromise of the ephemeral private key in mOT leads to the leakage of both the session key and the user's static private key. In this paper, we propose an improved version of mOT (denoted mOT+). Moreover, based on the RSA assumption and the CDH assumption, we provide a tight and intuitive security reduction in the id-eCK model. Without any extra computational cost, mOT+ achieves security in the id-eCK model, and furthermore it also meets full perfect forward secrecy against an active adversary.


Keywords: Public key cryptography; Diffie-Hellman; Composite modulus; id-eCK model



The authors would like to thank the anonymous referees for their helpful comments. This work is supported by the National Natural Science Foundation of China (Nos. 61309016, 61379150, 61201220), the Post-doctoral Science Foundation of China (No. 2014M562493), the Post-doctoral Science Foundation of Shanxi Province, the Key Scientific and Technological Project of Henan Province (No. 122102210126) and the National Cryptology Development Project of China (No. MMJJ201201005).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Information Science and Technology Institute, Zhengzhou, China