Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Multi-Party Key Agreement
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Efficient One-Round Key Exchange in the Standard Model
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
One-round key exchange in the standard model
International Journal of Applied Cryptography
Reusing Static Keys in Key Agreement Protocols
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Stronger security of authenticated key exchange
ProvSec'07 Proceedings of the 1st international conference on Provable security
About the security of MTI/C0 and MQV
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Security analysis of KEA authenticated key exchange protocol
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Authenticated key exchange with entities from different settings and varied groups
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Hi-index | 0.00 |
We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.