Batch exponentiation: a fast DLP-based signature generation strategy
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The random oracle methodology, revisited
Journal of the ACM (JACM)
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS
Designs, Codes and Cryptography
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Stronger security of authenticated key exchange
ProvSec'07 Proceedings of the 1st international conference on Provable security
Authenticated key exchange and key encapsulation in the standard model
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A new security model for authenticated key agreement
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Hi-index | 0.00 |
We present an enhanced security model for the authenticated key exchange (AKE) protocols to capture the pre-master secret replication attack and to avoid the controversial random oracle assumption in the security proof. Our model treats the AKE protocol as two relatively independent modules, the secret exchange module and the key derivation module, and formalizes the adversarial capabilities and security properties for each of these modules. We prove that the proposed security model is stronger than the extended Canetti-Krawczyk model. Moreover, we introduce NACS, a two-pass AKE protocol which is secure in the enhanced model. NACS is practical and efficient, since it reqires less exponentiations, and, more important, admits a tight security reduction with weaker standard cryptographic assumptions. Finally, the compact and elegant security proof of NACS shows that our method is reasonable and effective.