A complementary analysis of the (s)YZ and DIKE protocols

Authors:
Augustin P. Sarr;Philippe Elbaz---Vincent
Affiliations:
Université de Strasbourg, France;Institut Fourier --- CNRS, Université Grenoble 1, France
Venue:
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Year:
2012

Citing 15
Cited 0

Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Diffie-Hellman Oracles

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Protocols for Key Establishment and Authentication

Protocols for Key Establishment and Authentication
Comparing the pre- and post-specified peer models for key agreement

International Journal of Applied Cryptography
Stronger security of authenticated key exchange

ProvSec'07 Proceedings of the 1st international conference on Provable security
A new security model for authenticated key agreement

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Deniable internet key exchange

ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
A secure and efficient authenticated Diffie-Hellman protocol

EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage

ProvSec'11 Proceedings of the 5th international conference on Provable security
On the importance of public-key validation in the MQV and HMQV key agreement protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
HMQV: a high-performance secure diffie-hellman protocol

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On robust key agreement based on public key authentication

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Canetti---Krawczyk (CK) model remains widely used for the analysis of key agreement protocols. We recall the CK model, and its variant used for the analysis of the HMQV protocol, the CK$_\text{HMQV}$ model; we recall also some of the limitations of these models. Next, we show that the (s)YZ protocols do not achieve their claimed CK$_\text{HMQV}$ security. Furthermore, we show that they do not achieve their claimed computational fairness. Our attack suggests that no two---pass key establishment protocol can achieve this attribute. We show also that the Deniable Internet Key Exchange fails in authentication; this illustrates the inability of capturing some impersonation attacks in the CK model. Besides, we propose a secure, efficient, and deniable protocol, geared to the post peer specified model.