One-round identity-based key exchange with Perfect Forward Security

The identity-based authenticated key exchange (IBAKE) protocol is one of the most important cryptographic primitives: it enables two parties to establish a common secret key using their identities, without sending and verifying public-key certificates. Recently, many works have been dedicated to designing efficient and secure IBAKE protocols without bilinear pairings, which carry a heavy computational cost. Unfortunately, most of the proposed protocols cannot provide Perfect Forward Security (PFS), which is a major security goal of authenticated key exchange protocols. In this paper we present an efficient and provably secure IBAKE protocol with PFS. Our protocol relies on the technique known as the concatenated Schnorr signature, and it can be viewed as a variant of the protocol proposed by Fiore et al. in 2010. Using the Canetti-Krawczyk security model, we prove that the protocol is secure with PFS under the Computational Diffie-Hellman assumption in the random oracle model. The protocol is of interest because it offers a remarkable combination of advanced security properties and efficiency, and its security proof is succinct and intelligible.
