Initiator-Resilient Universally Composable Key Exchange

Key exchange protocols in the setting of universal composability are investigated. First we show that the ideal functionality \(\mathcal{F}_{\rm KE}\) of [9] cannot be realized in the presence of adaptive adversaries, thereby disproving a claim in [9]. We proceed to propose a modification \(\mathcal{F}_{\rm KE}^{(i,j)}\), which is proven to be realizable by two natural protocols for key exchange. Furthermore, sufficient conditions for securely realizing this modified functionality are given. Two notions of key exchange are introduced that allow for security statements even when one party is corrupted. Two natural key exchange protocols are proven to fulfill the ”weaker” of these notions, and a construction for deriving protocols that satisfy the ”stronger” notion is given.

[1]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[2]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[3]  Angelos D. Keromytis,et al.  Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols , 2001, Security Protocols Workshop.

[4]  Ivan Damgård,et al.  Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security , 2002, CRYPTO.

[5]  Angelos D. Keromytis,et al.  Efficient, DoS-resistant, secure key exchange for internet protocols , 2001, CCS '02.

[6]  Birgit Pfitzmann,et al.  A Universally Composable Cryptographic Library , 2003, IACR Cryptol. ePrint Arch..

[7]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[8]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[9]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[10]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[11]  Michael Steiner,et al.  Secure group key agreement , 2002 .

[12]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[13]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[14]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[15]  Jörn Müller-Quade,et al.  On Modeling IND-CCA Security in Cryptographic Protocols , 2003, IACR Cryptol. ePrint Arch..

[16]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[17]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[18]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[19]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[20]  Michael Luby,et al.  Pseudorandomness and cryptographic applications , 1996, Princeton computer science notes.

[21]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..