One-Round Protocols for Two-Party Authenticated Key Exchange

Cryptographic protocol design in a two-party setting has of tel ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work. We present three provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first, most efficient protocol provides key independence but not forward secrecy. Our second scheme additionally provides forward secrecy but requires some additional computation. Security of these two protocols is analyzed in the random oracle model. Our final protocol provides the same strong security guarantees as our second protocol, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. Our work provides the first provably- secure one-round protocols for two-party AKE which achieve forward secrecy.

[1]  Emmanuel Bresson,et al.  Provably Authenticated Group Diffie-Hellman Key Exchange - The Dynamic Case , 2001, ASIACRYPT.

[2]  Serge Vaudenay,et al.  Authenticated Multi-Party Key Agreement , 1996, ASIACRYPT.

[3]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[4]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[5]  Moti Yung,et al.  Systematic Design of Two-Party Authentication Protocols , 1991, CRYPTO.

[6]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[7]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[9]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[10]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[11]  J. M. Irvine,et al.  CHAPTER 17 – THE UNIFIED MODEL , 1972 .

[12]  Gene Tsudik,et al.  New multiparty authentication services and key agreement protocols , 2000, IEEE Journal on Selected Areas in Communications.

[13]  Colin Boyd,et al.  On Key Agreement and Conference Key Agreement , 1997, ACISP.

[14]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[15]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[16]  Hideki Imai,et al.  ON SEEKING SMART PUBLIC-KEY-DISTRIBUTION SYSTEMS. , 1986 .

[17]  Emmanuel Bresson,et al.  Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions , 2002, EUROCRYPT.

[18]  Alfred Menezes,et al.  Authenticated Diffie-Hellman Key Agreement Protocols , 1998, Selected Areas in Cryptography.

[19]  Chak-Kuen Wong,et al.  A conference key distribution system , 1982, IEEE Trans. Inf. Theory.

[20]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[21]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, Journal of Cryptology.

[22]  Wen-Guey Tzeng,et al.  A Practical and Secure-Fault-Tolerant Conferenc-Key Agreement Protocol , 2000, Public Key Cryptography.

[23]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[24]  Colin Boyd,et al.  Round-Optimal Contributory Conference Key Agreement , 2003, Public Key Cryptography.

[25]  Moti Yung,et al.  Systematic Design of a Family of Attack-Resistant Authentication Protocols , 1993, IEEE J. Sel. Areas Commun..