Mind the Gap: Modular Machine-Checked Proofs of One-Round Key Exchange Protocols
Authors
Abstract
Using EasyCrypt, we formalize a new modular security proof for one-round authenticated key exchange protocols in the random oracle model. Our proof improves on earlier work by Kudla and Paterson (ASIACRYPT 2005) in three significant ways: we consider a stronger adversary model, we provide support tailored to protocols that use the Naxos trick, and we support proofs under the Computational DH assumption that do not rely on Gap oracles. Furthermore, our modular proof can be used to obtain concrete security proofs for protocols with or without adversarial key registration. We use this support to investigate, still using EasyCrypt, the connection between proofs without Gap assumptions and adversarial key registration. For the case of honestly generated keys, we obtain the first proofs of the Naxos and Nets protocols under the Computational DH assumption. For the case of adversarial key registration, we obtain machine-checked and modular variants of the well-known proofs for Naxos, Nets, and Naxos+.
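As an added illustration (not code from the paper or its EasyCrypt development), the following Python sketch runs the Naxos one-round protocol that the abstract refers to and shows the Naxos trick: each party's ephemeral DH exponent is H1(esk, sk), derived from the ephemeral coin and the static key, rather than the raw coin esk, so leaking esk alone does not expose the exponent. The group parameters P, Q, G, the identities ID_A and ID_B, the SHA-256-based H1 and H2 with ad hoc labels, and all function names are assumptions chosen for readability; the toy group is far too small to be secure.

```python
"""Toy Naxos one-round AKE (illustration for this page, not the paper's code).

The "Naxos trick": the ephemeral exponent is x = H1(esk, sk), not esk itself.
Group parameters are a constructed, insecure toy safe prime; do not reuse.
"""
import hashlib
import secrets

# Constructed toy group (NOT secure): p = 2q + 1 with p, q prime; g = 4 is a
# quadratic residue and therefore generates the order-q subgroup.
P = 1019
Q = 509
G = 4

ID_A = b"alice"   # assumed party identifiers
ID_B = b"bob"


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy parameters above."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def check_group() -> bool:
    """Practitioner sanity check: safe prime and g of prime order q."""
    return (_is_prime(P) and _is_prime(Q) and P == 2 * Q + 1
            and G % P != 1 and pow(G, Q, P) == 1)


def _enc(x: int) -> bytes:
    """Fixed-width encoding of a group element or exponent (toy sizes)."""
    return x.to_bytes(8, "big")


def h1(esk: bytes, sk: int) -> int:
    """Naxos trick: ephemeral exponent x = H1(esk, sk) mapped into [1, q-1]."""
    d = hashlib.sha256(b"naxos-h1|" + esk + b"|" + _enc(sk)).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1


def h2(triple: tuple[int, int, int], id_a: bytes, id_b: bytes) -> bytes:
    """Session key H2(sigma1, sigma2, sigma3, A, B) in initiator-first order."""
    h = hashlib.sha256(b"naxos-h2|")
    for s in triple:
        h.update(_enc(s))
    h.update(b"|" + id_a + b"|" + id_b)
    return h.digest()


def keygen() -> tuple[int, int]:
    """Static key pair (sk, pk = g^sk)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def ephemeral(sk: int) -> tuple[bytes, int]:
    """Draw the ephemeral coin esk and form the message X = g^{H1(esk, sk)}."""
    esk = secrets.token_bytes(32)
    return esk, pow(G, h1(esk, sk), P)


def session_key(role: str, sk: int, esk: bytes, peer_pk: int, peer_eph: int) -> bytes:
    """Naxos key derivation for either role of the one-round exchange.

    A computes H2(Y^a, B^x, Y^x, A, B); B computes H2(A^y, X^b, X^y, A, B).
    Both equal H2(g^ay, g^bx, g^xy, A, B), so B reorders its first two values.
    """
    x = h1(esk, sk)
    static_x_peer_eph = pow(peer_eph, sk, P)   # Y^a for A, X^b for B
    eph_x_peer_static = pow(peer_pk, x, P)     # B^x for A, A^y for B
    eph_x_eph = pow(peer_eph, x, P)            # Y^x for A, X^y for B
    if role == "A":
        triple = (static_x_peer_eph, eph_x_peer_static, eph_x_eph)
    elif role == "B":
        triple = (eph_x_peer_static, static_x_peer_eph, eph_x_eph)
    else:
        raise ValueError("role must be 'A' or 'B'")
    return h2(triple, ID_A, ID_B)


def run_handshake() -> dict:
    """One full run; returns both derived keys plus the transcript pieces."""
    a, pk_a = keygen()
    b, pk_b = keygen()
    esk_a, X = ephemeral(a)          # A -> B: X
    esk_b, Y = ephemeral(b)          # B -> A: Y (the two flows are independent)
    return {
        "key_a": session_key("A", a, esk_a, pk_b, Y),
        "key_b": session_key("B", b, esk_b, pk_a, X),
        "sk_a": a, "pk_a": pk_a, "esk_a": esk_a, "X": X,
        "sk_b": b, "esk_b": esk_b, "Y": Y,
    }


if __name__ == "__main__":
    r = run_handshake()
    print("group ok:", check_group(), "| keys agree:", r["key_a"] == r["key_b"])
```

The role-dependent reordering in `session_key` is the detail implementations most often get wrong: the initiator-first ordering of the triple is part of the protocol definition, not a convention either side may choose. The adversarial key registration setting the abstract distinguishes corresponds here to `peer_pk` being accepted as any group element without a proof of knowledge of its discrete log, which is exactly why the CDH versus Gap-DH question arises in the proof.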
Related references
eCK Secure Single Round ID-based Authenticated Key Exchange Protocols with Master Perfect Forward Secrecy (Extended Version)
Recently, LaMacchia, Lauter and Mityagin proposed the extended Canetti-Krawczyk (eCK) model for Authenticated Key Exchange (AKE) protocols that covers many attacks on existing models. An ID-based AKE protocol with Perfect Forward Secrecy (PFS) (respectively Master Perfect Forward Secrecy (MPFS)) ensures that revelation of the static keys of the parties (respectively the master secret key of the...
Efficient One-Round Key Exchange in the Standard Model
We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the pr...
Simple and tight device-independent security proofs
Proving security of device-independent (DI) cryptographic protocols has been regarded to be a complex and tedious task. In this work we show that a newly developed tool, the “entropy accumulation theorem” of Dupuis et al. [DFR16], can be effectively applied to give fully general proofs of DI security. At a high level our technique amounts to establishing a reduction to the scenario in which the...
Strongly Secure One-Round Group Authenticated Key Exchange in the Standard Model
One-round group authenticated key exchange (GAKE) protocols typically provide implicit authentication and appealing bandwidth efficiency. As a special case of GAKE, the pairing-based one-round tripartite authenticated key exchange (3AKE) has recently gained much attention from the research community due to its strong security. Several pairing-based one-round 3AKE protocols have recently been proposed to ...
Identification Schemes of Proofs of Ability Secure against Concurrent Man-in-the-Middle Attacks
We give a series of three identification schemes. All of them are basically 2-round interactive proofs of ability to complete Diffie-Hellman tuples. Despite their simple protocols, the second and the third schemes are proven secure against concurrent man-in-the-middle attacks based on a tight reduction to the Gap Computational Diffie-Hellman Assumption without the random oracle. In addition, they ...