Dynamic group Diffie-Hellman protocols for Authenticated Key Exchange (AKE) are designed to work in a scenario in which the group membership is not known in advance but where parties may join and may also leave the multicast group at any given time. While several schemes have been proposed to deal with this scenario no formal treatment for this cryptographic problem has ever been suggested. In ...

We present a security analysis of the Diffie-Hellman keyexchange protocol authenticated with digital signatures used by the Internet Key Exchange (IKE) standard. The analysis is based on an adaptation of the key-exchange model from [Canetti and Krawczyk, Eurocrypt’01] to the setting where peers identities are not necessarily known or disclosed from the start of the protocol. This is a common pr...

In 2003, Boyd and Mao proposed two deniable authenticated key establishment protocols using elliptic curve pairings for Internet protocols, one is based on Diffie-Hellman key exchange and the other is based on Public-Key Encryption approach. For the use of elliptic curve pairings, they declared that their schemes could be more efficient than the existing Internet Key Exchange (IKE), nowadays. H...

There has been many hidden communication techniques proposed in the last few years. The focus was given to steganography to build such techniques. Utilizing stego-key(s) to hide secret messages into images strengthen the security of these techniques. However, adopting one of the available keyagreement protocols, to distribute stego-key(s) between the communicating parties, will destroy the infr...

Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They are among the most widely used cryptographic protocols in practice. In order to resist key-leakage attacks, several leakage resilient AKE protocols have been proposed recently in the bounded leakage model. In this paper, we initiate the study on leakage resi...

Recently, LaMacchia, Lauter and Mityagin proposed the extended Canetti-Krawczyk (eCK) model for Authenticated Key Exchange (AKE) protocols that covers many attacks on existing models. An ID-based AKE protocol with Perfect Forward Secrecy (PFS) (respectively Master Perfect Forward Secrecy (MPFS)) ensures that revelation of the static keys of the parties (respectively the master secret key of the...

We introduce a formal model for certificateless authenticated key exchange (CL-AKE) protocols. Contrary to what might be expected, we show that the natural combination of an ID-based AKE protocol with a public key based AKE protocol cannot provide strong security. We provide the first one-round CL-AKE scheme proven secure in the random oracle model. We introduce two variants of the Diffie-Hellm...

One-round authenticated key exchange (ORKE) is an established research area, with many prominent protocol constructions like HMQV (Krawczyk, CRYPTO 2005) and Naxos (La Macchia et al., ProvSec 2007), and many slightly different, strong security models. Most constructions combine ephemeral and static Diffie-Hellman Key Exchange (DHKE), in a manner often closely tied to the underlying security mod...

We present axioms and inference rules for reasoning about Diffie-Hellman-based key exchange protocols and use these rules to prove authentication and secrecy properties of two important protocol standards, the Diffie-Hellman variant of Kerberos, and IKEv2, the revised standard key management protocol for IPSEC. The new proof system is sound for an accepted semantics used in cryptographic studie...

We introduce a new lightweight generic compiler that is able to transform any passively forward secure twomessage key exchange (KE) protocols into authenticated key exchange (AKE) protocols with security in the presence of active adversaries who can reveal critical session specific information such as long-term or ephemeral secrets and can establish malicious parties. The compiler is built base...