This paper investigates the two-pass (one round) authenticated key exchange protocol in the enhanced Canetti-Krawczyk (eCK) model with perfect forward security against active adversary. Currently, there exist no authenticated key exchange protocols which are provably secure in the eCK model and meanwhile achieve perfect forward security against active adversary in one round. We propose a new tw...

In this paper we revisit one of the most popular password-based key exchange protocols, namely the OKE (for Open Key Exchange) scheme, proposed by Luck in 1997. Our results can be highlighted as follows. First we define a new primitive that we call trapdoor hard-to-invert isomorphisms, and give some candidates. Then we present a generic password-based key exchange construction, that admits a se...

Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic primitive. It appears as a major contribution in the ground-breaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models for this primitive and explore the relationships between them. We then give constructions for secure NIKE in...

General cryptographic schemes are presented where keys can be one-time or ephemeral. Processes for key exchange are derived. Public key cryptographic schemes based on the new systems are established. Authentication and signature schemes are easy to implement. The schemes may be integrated with error-correcting coding schemes so that encryption/coding and decryption/decoding may be done simultan...

In this paper, we propose a new method for designing public key cryptosystems based on general non-commutative rings. The key idea of our proposal is that for a given non-commutative ring, we can define polynomials and take them as the underlying work structure. By doing so, it is easy to implement Diffie-Helman-like key exchange protocol. And consequently, ElGamal-like cryptosystems can be der...

Affiliation-Hiding Authenticated Key Exchange (AH-AKE) protocols enable two distrusting users, being in possession of membership credentials for some group, to establish a secure session key without leaking any information about this group to non-members. In practice, users might be members of several groups, and such protocols must be able to generate session keys between users who have one or...

In this paper, we propose two authenticated key exchange (AKE) protocols, SMEN and SMEN−, which have efficient online computation and tight security proof in the extended Canetti-Krawczyk (eCK) model. SMEN takes 1.25 exponentiations in online computation, close to that (1.17 exponentiations) of the most efficient AKEs MQV and its variants HMQV and CMQV. SMEN has a security reduction as tight as...

Entity authentication and key distribution are central cryptographic problems in distributed computing|but up until now, they have lacked even a meaningful de nition. One consequence is that incorrect and ine cient protocols have proliferated. This paper provides the rst treatment of these problems in the complexity-theoretic framework of modern cryptography. Addressed in detail are two problem...

In the paper “Stronger Security of Authenticated Key Exchange” [1,2], a new security model for authenticated key exchange protocols (eCK) is proposed. The new model is suggested to be at least as strong as previous models for key exchange protocols. The model includes a new notion of an Ephemeral Key Reveal adversary query, which is claimed in e. g. [2–4] to be at least as strong as the Session...

We extend the well-known Tree-Diffie-Hellman technique used for the design of group key exchange (GKE) protocols with robustness, i.e. with resistance to faults resulting from possible system crashes, network failures, and misbehavior of the protocol participants. We propose a fully robust GKE protocol using the novel tree replication technique: our basic protocol version ensures security again...