Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Fast Probabilistic Algorithms for Verification of Polynomial Identities
Journal of the ACM (JACM)
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Provably authenticated group Diffie-Hellman key exchange
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Authenticated Diffie-Hellman Key Agreement Protocols
SAC '98 Proceedings of the Selected Areas in Cryptography
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS
Designs, Codes and Cryptography
Tracing Malicious Proxies in Proxy Re-encryption
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Traitor tracing with constant size ciphertext
Proceedings of the 15th ACM conference on Computer and communications security
Multi-use unidirectional proxy re-signatures
Proceedings of the 15th ACM conference on Computer and communications security
Group Encryption: Non-interactive Realization in the Standard Model
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Structure-preserving signatures and commitments to group elements
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A new security model for authenticated key agreement
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
A generic variant of NIST's KAS2 key agreement protocol
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Block-wise p-signatures and non-interactive anonymous credentials with efficient attributes
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Strongly-secure identity-based key agreement and anonymous extension
ISC'07 Proceedings of the 10th international conference on Information Security
| Hi-index | 0.00 |
The main application of cryptography is the establishment of secure channels. The most classical way to achieve this goal is definitely the use of variants of the signed Diffie-Hellman protocol. It applies a signature algorithm on the flows of the basic Diffie-Hellman key exchange, in order to achieve authentication. However, signature-less authenticated key exchange have numerous advantages, and namely from the efficiency point of view. They are thus well-suited for some constrained environments. On the other hand, this efficiency comes at the cost of some uncertainty about the actual security. This paper focuses on the two most famous signature-less authenticated key exchange protocols, MTI/C0 and MQV. While the formal security of MTI/C0 has never been studied, results for the plain MQV protocol are still debated. We point out algorithmic assumptions on which some security proofs can be built in the random oracle model. The stress is put on implementation aspects that must be properly dealt with in order to obtain the expected security. Some formalizations about authenticated key exchange, and the generic model, are of independent interest.