Batch exponentiation: a fast DLP-based signature generation strategy
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Complexity of Certain Multi-Exponentiation Techniques in Cryptography
Journal of Cryptology
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Proceedings of the 16th ACM conference on Computer and communications security
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Improving efficiency and simplicity of Tor circuit establishment and hidden services
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Pairing-Based Onion Routing with Improved Forward Secrecy
ACM Transactions on Information and System Security (TISSEC)
High-speed high-security signatures
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Curve25519: new diffie-hellman speed records
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Provably Secure and Practical Onion Routing
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
Anonymity and one-way authentication in key exchange protocols
Designs, Codes and Cryptography
| Hi-index | 0.00 |
The onion routing (OR) network Tor provides privacy to Internet users by facilitating anonymous web browsing. It achieves anonymity by routing encrypted traffic across a few routers, where the required encryption keys are established using a key exchange protocol. Goldberg, Stebila and Ustaoglu recently characterized the security and privacy properties required by the key exchange protocol used in the OR network. They defined the concept of one-way authenticated key exchange (1W-AKE) and presented a provably secure 1W-AKE protocol called ntor, which is under consideration for deployment in Tor. In this paper, we present a novel 1W-AKE protocol Ace that improves on the computation costs of ntor: in numbers, the client has an efficiency improvement of 46% and the server of nearly 19%. As far as communication costs are concerned, our protocol requires a client to send one additional group element to a server, compared to the ntor protocol. However, an additional group element easily fits into the 512 bytes fix-sized Tor packets (or cell) in the elliptic curve cryptography (ECC) setting. Consequently, our protocol does not produce a communication overhead in the Tor protocol. Moreover, we prove that our protocol Ace constitutes a 1W-AKE. Given that the ECC setting is under consideration for the Tor system, the improved computational efficiency, and the proven security properties make our 1W-AKE an ideal candidate for use in the Tor protocol.