Okamoto-Tanaka Revisited: Fully Authenticated Diffie-Hellman with Minimal Overhead

نویسندگان

  • Rosario Gennaro
  • Hugo Krawczyk
  • Tal Rabin
چکیده

This paper investigates the question of whether a key agreement protocol with the same communication complexity as the original Diffie-Hellman protocol (DHP) (two messages with a single group element per message), and similar low computational overhead, can achieve forward secrecy against active attackers in a provable way. We answer this question in the affirmative by resorting to an old and elegant key agreement protocol: the Okamoto-Tanaka protocol [23]. We analyze a variant of the protocol (denotedmOT) which achieves the above goal. Moreover, due to the identity-based properties of mOT, even the sending of certificates (typical for authenticated DHPs) can be avoided in the protocol. As additional contributions, we apply our analysis to prove the security of a recent multi-domain extension of the OkamotoTanaka protocol by Schridde et al. which is of particular interest in the case of Mobile Ad-Hoc Networks where nodes from different authorities might be required to communicate securely.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead. The first one-round authenticated 3KE version that preserved the unique efficiency properties of the orig...

متن کامل

A Note on the Complexity of Breaking Okamoto-Tanaka ID-Based Key Exchange Scheme

The rigorous security of Okamoto-Tanaka identity-based key exchange scheme has been open for a decade. In this paper, we show that (1) breaking the scheme is equivalent to breaking the Diffie-Hellman key exchange scheme over Zn, and (2) impersonation is easier than breaking. The second result is obtained by proving that breaking the RSA public-key cryptosystem reduces to breaking the Diffie-Hel...

متن کامل

Strongly Secure Authenticated Key Exchange Protocol Based on Computational Diffie-Hellman Problem

Currently, there are a lot of authenticated key exchange (AKE) protocols in literature. However, the security proofs of this kind of protocols have been established to be a non-trivial task. The main issue is that without static private key it is difficult for simulator to fully support the SessionKeyReveal and EphemeralKeyReveal queries. Some proposals which have been proven secure either just...

متن کامل

Threshold Password-based Authenticated Key Exchange using Matrix

Authentication protocols rely on the possession of keys by the parties to be authenticated. For security, keys must be chosen randomly and have to have a long length from 100 bits to thousands of bits. But such keys are difficult to memorize for humans. Password-based authenticated key exchange protocols offer an efficient method to achieve an authentication and a secure communication between t...

متن کامل

Identity Based Authenticated Key Agreement from Pairings

We present a new identity based authenticated key agreement protocol from pairings satisfying the required security attributes. The security of our protocol is based on the bilinear Diffie-Hellman assumption.

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2010  شماره 

صفحات  -

تاریخ انتشار 2010