Okamoto-Tanaka Revisited: Fully Authenticated Diffie-Hellman with Minimal Overhead
نویسندگان
چکیده
This paper investigates the question of whether a key agreement protocol with the same communication complexity as the original Diffie-Hellman protocol (DHP) (two messages with a single group element per message), and similar low computational overhead, can achieve forward secrecy against active attackers in a provable way. We answer this question in the affirmative by resorting to an old and elegant key agreement protocol: the Okamoto-Tanaka protocol [23]. We analyze a variant of the protocol (denotedmOT) which achieves the above goal. Moreover, due to the identity-based properties of mOT, even the sending of certificates (typical for authenticated DHPs) can be avoided in the protocol. As additional contributions, we apply our analysis to prove the security of a recent multi-domain extension of the OkamotoTanaka protocol by Schridde et al. which is of particular interest in the case of Mobile Ad-Hoc Networks where nodes from different authorities might be required to communicate securely.
منابع مشابه
Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange
Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead. The first one-round authenticated 3KE version that preserved the unique efficiency properties of the orig...
متن کاملA Note on the Complexity of Breaking Okamoto-Tanaka ID-Based Key Exchange Scheme
The rigorous security of Okamoto-Tanaka identity-based key exchange scheme has been open for a decade. In this paper, we show that (1) breaking the scheme is equivalent to breaking the Diffie-Hellman key exchange scheme over Zn, and (2) impersonation is easier than breaking. The second result is obtained by proving that breaking the RSA public-key cryptosystem reduces to breaking the Diffie-Hel...
متن کاملStrongly Secure Authenticated Key Exchange Protocol Based on Computational Diffie-Hellman Problem
Currently, there are a lot of authenticated key exchange (AKE) protocols in literature. However, the security proofs of this kind of protocols have been established to be a non-trivial task. The main issue is that without static private key it is difficult for simulator to fully support the SessionKeyReveal and EphemeralKeyReveal queries. Some proposals which have been proven secure either just...
متن کاملThreshold Password-based Authenticated Key Exchange using Matrix
Authentication protocols rely on the possession of keys by the parties to be authenticated. For security, keys must be chosen randomly and have to have a long length from 100 bits to thousands of bits. But such keys are difficult to memorize for humans. Password-based authenticated key exchange protocols offer an efficient method to achieve an authentication and a secure communication between t...
متن کاملIdentity Based Authenticated Key Agreement from Pairings
We present a new identity based authenticated key agreement protocol from pairings satisfying the required security attributes. The security of our protocol is based on the bilinear Diffie-Hellman assumption.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010