Abstract
Key exchange protocols in the setting of universal composability are investigated. First we show that the ideal functionality \(\mathcal{F}_{\rm KE}\) of [9] cannot be realized in the presence of adaptive adversaries, thereby disproving a claim in [9]. We proceed to propose a modification \(\mathcal{F}_{\rm KE}^{(i,j)}\), which is proven to be realizable by two natural protocols for key exchange. Furthermore, sufficient conditions for securely realizing this modified functionality are given. Two notions of key exchange are introduced that allow for security statements even when one party is corrupted. Two natural key exchange protocols are proven to fulfill the "weaker" of these notions, and a construction for deriving protocols that satisfy the "stronger" notion is given.
References
Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 48–58. ACM Press, New York (2002)
Backes, M., Pfitzmann, B., Waidner, M.: A Universally Composable Cryptographic Library. Cryptology ePrint Archive, Report 2003/015 (January 2003), http://eprint.iacr.org/2003/015/
Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pp. 419–428. ACM Press, New York (1998), Full version at http://eprint.iacr.org/1998/009
Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: the Three Party Case. In: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing, pp. 57–66. ACM Press, New York (1995)
Boneh, D.: The Decision Diffie-Hellman Problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)
Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: Proceedings of the 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, pp. 136–145. IEEE Computer Society, Los Alamitos (2001), Full version at http://eprint.iacr.org/2000/067
Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001), Full version at http://eprint.iacr.org/2001/055
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 453. Springer, Heidelberg (2001), Full version at http://eprint.iacr.org/2002/047
Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 337. Springer, Heidelberg (2002), All citations refer to the full version at http://eprint.iacr.org/2002/059
Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universally Composable Two-Party Computation Without Set-up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003) (to appear)
Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-party Secure Computation. In: Proceedings of the Thirty-Fourth Annual ACM Symposium on Theory of Computing, STOC 2002, pp. 494–503. ACM Press, New York (2002)
Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-party Secure Computation, Full (and revised) version of [11] (July 2003), Available at http://eprint.iacr.org/2002/140
Damgård, I.B.: Presentation of [14]. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 449. Springer, Heidelberg (2002)
Damgård, I.B., Nielsen, J.B.: Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 581–596. Springer, Heidelberg (2002)
Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28 (1984)
Hofheinz, D., Müller-Quade, J., Steinwandt, R.: On Modeling IND-CCA Security in Cryptographic Protocols. Cryptology ePrint Archive, Report 2003/024 (February 2003), http://eprint.iacr.org/2003/024
Kaufman, C. (ed.): Internet Key Exchange (IKEv2) Protocol. IPSEC Working Group Internet-Draft draft-ietf-ipsec-ikev2-06.txt (March 2003), Available at http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-06.txt
Luby, M.: Pseudorandomness and Cryptographic Applications. Princeton Computer Science Notes. Princeton University Press, Princeton (1996)
Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: IEEE Symposium on Research in Security and Privacy, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001), Full version at http://eprint.iacr.org/2000/066
Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999), http://eprint.iacr.org/1999/012
Steiner, M.: Secure Group Key Agreement. PhD thesis, Universität des Saarlandes (2002), Available online at http://www.semper.org/sirene/publ/Stei_02.thesis-final.pdf
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Hofheinz, D., Müller-Quade, J., Steinwandt, R. (2003). Initiator-Resilient Universally Composable Key Exchange. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_4
DOI: https://doi.org/10.1007/978-3-540-39650-5_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5