Reusing Static Keys in Key Agreement Protocols
نویسندگان
چکیده
Contrary to conventional cryptographic wisdom, the NIST SP 800-56A standard ex-plicitly allows the use of a static key pair in more than one of the key establishment protocolsdescribed in the standard. In this paper, we give examples of key establishment protocols that are individually secure, but which are insecure when static key pairs are reused in two of the protocols.We also propose an enhancement of the extended Canetti-Krawczyk security model and definitionfor the situation where static public keys are reused in two or more key agreement protocols.
منابع مشابه
On reusing ephemeral keys in Diffie-Hellman key agreement protocols
A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol in order to reduce its computational workload or to mitigate against denial-of-service attacks. In this note we highlight the danger of reusing ephemeral keys if domain parameters are not appropriately selected or if public keys are not appropriately validated.
متن کاملPost-Quantum Static-Static Key Agreement Using Multiple Protocol Instances
Some key agreement protocols leak information about secret keys if dishonest participants use specialized public keys. We formalize these protocols and attacks, and present a generic transformation that can be made to such key agreement protocols to resist such attacks. Simply put, each party generates k different keys, and two parties perform key agreement using all k combinations of their ind...
متن کاملProvably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
متن کاملUtilizing postponed ephemeral and pseudo-static keys in tripartite and identity-based key agreement protocols
We propose an new one-round implicitly authenticated three-party protocol that extends Joux’s protocol as well as a two-party identity-based protocol. Our protocols have a single communication round that consists of ephemeral (one-time) public keys along with certificates in the tripartite protocol, and identities in the identity-based setting. As such our protocols are communication efficient ...
متن کاملKey Agreement Using Statically Keyed Authenticators
A family of authenticators based on static shared keys is identified and proven secure. The authenticators can be used in a variety of settings, including identity-based ones. Application of the authenticators to Diffie-Hellman variants in appropriate groups leads to authenticated key agreement protocols which have attractive properties in comparison with other proven-secure protocols. We explo...
متن کامل