Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Batch exponentiation: a fast DLP-based signature generation strategy
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
An Efficient Protocol for Authenticated Key Agreement
Designs, Codes and Cryptography
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS
Designs, Codes and Cryptography
Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Comparing the Pre- and Post-specified Peer Models for Key Agreement
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Efficient One-Round Key Exchange in the Standard Model
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Stronger security of authenticated key exchange
ProvSec'07 Proceedings of the 1st international conference on Provable security
Authenticated key exchange and key encapsulation in the standard model
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
The twin Diffie-Hellman problem and applications
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Security analysis of KEA authenticated key exchange protocol
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Modeling leakage of ephemeral secrets in tripartite/group key exchange
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
A new security model for authenticated key agreement
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
International Journal of Applied Cryptography
Security enhancement and modular treatment towards authenticated key exchange
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Designing efficient authenticated key exchange resilient to leakage of ephemeral secret keys
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Leakage resilient eCK-secure key exchange protocol without random oracles
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Analysis and improvement of an authenticated key exchange protocol
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
ProvSec'11 Proceedings of the 5th international conference on Provable security
TMQV: a strongly eCK-secure Diffie-Hellman protocol without gap assumption
ProvSec'11 Proceedings of the 5th international conference on Provable security
Characterization of strongly secure authenticated key exchanges without NAXOS technique
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
On forward secrecy in one-round key exchange
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Sufficient condition for ephemeral key-leakage resilient tripartite key exchange
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Strongly authenticated key exchange protocol from bilinear groups without random oracles
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Exposure-resilient one-round tripartite key exchange without random oracles
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Both the "eCK" model, by LaMacchia, Lauter and Mityagin, and the "CK01" model, by Canetti and Krawczyk, address the effect of leaking session specific ephemeral data on the security of key establishment schemes. The CK01-adversary is given a SessionStateReveal query to learn session-specific private data defined by the protocol specification, whereas the eCK-adversary is equipped with an EphemeralKeyReveal query to access all ephemeral private input required to carry session computations. SessionStateReveal cannot be issued against the test session; by contrast EphemeralKeyReveal can be used against the test session under certain conditions. On the other hand, it is not obvious how EphemeralKeyReveal compares to SessionStateReveal . Thus it is natural to ask which model is more useful and practically relevant. While formally the models are not comparable, we show that recent analyses utilizing SessionStateReveal and EphemeralKeyReveal have a similar approach to ephemeral data leakage. First we pinpoint the features that determine the approach. Then by examining common motives for ephemeral data leakage we conclude that the approach is meaningful, but does not take into account timing, which turns out to be critical for security. Lastly, for Diffie-Hellman protocols we argue that it is important to consider security when discrete logarithm values of the outgoing ephemeral public keys are leaked and offer a method to achieve security even if these values are exposed.