Efficient One-Round Key Exchange in the Standard Model
نویسندگان
چکیده
We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the random oracle model.
منابع مشابه
One Round Group Key Exchange with Forward Security in the Standard Model
Constructing a one round group key exchange (GKE) protocol that provides forward secrecy is an open problem in the literature. In this paper, we investigate whether or not the security of one round GKE protocols can be enhanced with any form of forward secrecy without increasing the number of rounds. We apply the key evolving approach used for forward secure encryption/signature schemes and the...
متن کاملOne-Round Key Exchange with Strong Security: An Efficient and Generic Construction in the Standard Model
One-round authenticated key exchange (ORKE) is an established research area, with many prominent protocol constructions like HMQV (Krawczyk, CRYPTO 2005) and Naxos (La Macchia et al., ProvSec 2007), and many slightly different, strong security models. Most constructions combine ephemeral and static Diffie-Hellman Key Exchange (DHKE), in a manner often closely tied to the underlying security mod...
متن کاملAuthenticated Key Exchange Protocol in One-Round
The Key-exchange protocol is one of the most basic and widely used cryptographic protocols in internet for secure communication. In a two-party setting, cryptographic protocol design has often ignored the possibility of simultaneous message transmission by each of the two parties. Most protocols for two-party have been designed assuming that parties alternate sending their messages. We present ...
متن کاملOne-Round Protocols for Two-Party Authenticated Key Exchange
Cryptographic protocol design in a two-party setting has often ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage ...
متن کاملStrongly secure authenticated key exchange in the standard model
Nowadays many crucial network applications rely on the existence of a confidential channel established by authenticated key exchange (AKE) protocols over public networks. With the rapid development of cyber technology, novel attacks to cryptosystem emerge in an endless stream. This has also led to the development of AKE solutions to provide increasingly stronger security guarantees. In this the...
متن کامل