We observe that the definitions of security in the computational complexity proof models of Bellare & Rogaway (1993) and Canetti & Krawczyk (2001) require two partners in the presence of a malicious adversary to accept the same session key, which we term a key sharing requirement. We then revisit the Bellare–Rogaway three-party key distribution (3PKD) protocol and the Jeong–Katz–Lee two-party a...

This paper shows how several ring-LWE based key exchange protocols can be broken, under the assumption that the same key share is used for multiple exchanges. This indicates that, if these key exchange protocols are used, then it will be necessary for a fresh key share be generated for each exchange, and that these key exchange protocols cannot be used as a drop in replacement for designs which...

Supersingular isogeny Diffie-Hellman (SIDH) is an attractive candidate for postquantum key exchange, in large part due to its relatively small public key sizes. A recent paper by Azarderakhsh, Jao, Kalach, Koziel and Leonardi showed that the public keys defined in Jao and De Feo’s original SIDH scheme can be further compressed by around a factor of two, but reported that the performance penalty...

We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exc...

Communication complexity has always been an important issue when designing group key distribution systems. This paper systematically studies what can be achieved for the most common measures of protocol complexity. Lower bounds for the total number of messages, the total number of exchanges, and the number of necessary rounds are established, whereby models that allow broadcasting have to be di...

The TLS protocol has been a subject of studies, analyses and verification attempts over the years, but a recently discovered attack against the key renegotiation in the TLS protocol underlined the need to more thoroughly study the key renegotiation phase and focus on aspects not investigated before. We study the key renegotiation phase of the TLS protocol and use formal models for automatic ver...

In 2008, based on the two-party Diffie–Hellman technique, Biswas proposed a contributory group key exchange protocol called the Group-DH protocol. This contributory property is an important one of group key agreement. Unfortunately, in this paper we show that the proposed Group-DH protocol is not a contributory group key exchange protocol. Therefore, we propose an improved group key exchange pr...

An authenticated group key exchange (AGKE) protocol allows a group of participants to establish a common session key and then provides secure group communications in collaborative and distributed applications. Recently, Wu et al. proposed an ID-based authenticated group key exchange protocol based on bilinear pairings. They claimed that their protocol can detect and identify the malicious parti...

Secure communication over the Internet becomes an essential requirement for any value-added Internet application. The use of cryptography for secure communication brings out the requirement of cryptographic key management. This paper examines some security issues on the Internet Key Exchange (IKE) protocol specified in RFC 2409. The investigation is intended for clarifying some specification am...