Identity-based key agreement protocols from pairings

In recent years, a large number of identity-based key agreement protocols from pairings have been proposed. Some of them are elegant and practical. However, the security of this type of protocol has been surprisingly hard to prove, even in the random oracle model. The main issue is that a simulator is not able to deal with reveal queries, because answering them requires solving either a computational problem or a decisional problem, both of which are generally believed to be hard (i.e., computationally infeasible). The best solution so far for security proofs uses the gap assumption, which means assuming that the existence of a decisional oracle does not change the hardness of the corresponding computational problem. The disadvantage of using this solution to prove security is that such decisional oracles, on which the security proof relies, cannot be realised by any polynomial-time algorithm in the real world, because of the hardness of the decisional problem. In this paper we present a method incorporating a built-in decisional function into the protocols. The function transfers a hard decisional problem in the proof to an easy decisional problem. We then discuss the resulting efficiency of the schemes and the relevant security reductions, in the random oracle model, in the context of the different pairings one can use. Unlike most other papers in the area, we pay particular attention to the issues which arise when using asymmetric pairings.
