The Key Establishment Problem

Key Establishment is one of the most intriguing, fascinating and deeply studied problems in Cryptography. In this paper we offer a brief excursus through ideas and techniques that in recent years have been applied in a variety of settings to design suitable, and often mathematically delightful, protocols for this problem. The presentation uses very simple language: it is essentially an introduction to the subject and, we hope, self-contained. Formal proofs and details are omitted, but the interested reader can find them in the referenced papers.

[1]  Dan Boneh,et al.  Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes , 1996, CRYPTO.

[2]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[3]  Amos Beimel,et al.  Interaction in Key Distribution Schemes (Extended Abstract) , 1993, CRYPTO.

[4]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[5]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[6]  Kaoru Kurosawa,et al.  On Key Distribution and Authentication in Mobile Radio Networks , 1994, EUROCRYPT.

[7]  Reihaneh Safavi-Naini,et al.  New constructions for multicast re-keying schemes using perfect hash families , 2000, CCS.

[8]  Jirí Sgall,et al.  Efficient dynamic traitor tracing , 2000, SODA '00.

[9]  Tsutomu Matsumoto,et al.  Incidence structures for key sharing , 1995 .

[10]  Paul C. van Oorschot,et al.  On Diffie-Hellman Key Agreement with Short Exponents , 1996, EUROCRYPT.

[11]  Mihir Bellare,et al.  Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques , 2000, ASIACRYPT.

[12]  Yvo Desmedt,et al.  Towards practical “proven secure” authenticated key distribution , 1993, CCS '93.

[13]  Gordon B. Agnew,et al.  An Interactive Data Exchange Protocol Based on Discrete Exponentiation , 1988, EUROCRYPT.

[14]  Ueli Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[15]  Catherine A. Meadows,et al.  Formal Requirements for Key Distribution Protocols , 1994, EUROCRYPT.

[16]  Amos Fiat,et al.  Dynamic Traitor Tracing , 2001, Journal of Cryptology.

[17]  Jessica Staddon,et al.  Combinatorial Bounds for Broadcast Encryption , 1998, EUROCRYPT.

[18]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[19]  Michael J. Fischer,et al.  Multiparty Secret Key Exchange Using a Random Deal of Cards , 1991, CRYPTO.

[20]  Antonio Giorgio Gaggia.  A τ-Restricted Key Agreement Scheme , 1999 .

[21]  Emmanuel Bresson,et al.  Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks , 2002, ASIACRYPT.

[22]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[23]  Emmanuel Bresson,et al.  The Group Diffie-Hellman Problems , 2002, Selected Areas in Cryptography.

[24]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[25]  Yacov Yacobi,et al.  On Key Distribution Systems , 1989, CRYPTO.

[26]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[27]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[28]  Martin E. Dyer,et al.  On key storage in secure networks , 1995, Journal of Cryptology.

[29]  Tsutomu Matsumoto,et al.  A Quick Group Key Distribution Scheme with "Entity Revocation" , 1999, ASIACRYPT.

[30]  Moti Yung,et al.  The KryptoKnight family of light-weight protocols for authentication and key distribution , 1995, TNET.

[31]  Douglas R. Stinson,et al.  Generalized Beimel-Chor Schemes for Broadcast Encryption and Interactive Key Distribution , 1998, Theor. Comput. Sci..

[32]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[33]  C. Moler,et al.  Advances in Cryptology , 2000, Lecture Notes in Computer Science.

[34]  Hideki Imai,et al.  ON SEEKING SMART PUBLIC-KEY-DISTRIBUTION SYSTEMS. , 1986 .

[35]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[36]  Ran Canetti,et al.  Efficient Communication-Storage Tradeoffs for Multicast Encryption , 1999, EUROCRYPT.

[37]  Kenji Koyama, Kazuo Ohta,et al.  Identity-based conference key distribution systems , 2002 .

[38]  Dan Boneh,et al.  Collusion-Secure Fingerprinting for Digital Data , 1998, IEEE Trans. Inf. Theory.

[39]  Yacov Yacobi.  A Key Distribution "Paradox" , 1990, CRYPTO.

[40]  Carles Padró,et al.  A Ramp Model for Distributed Key Distribution Schemes , 2001, Electron. Notes Discret. Math..

[41]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[42]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[43]  Emmanuel Bresson,et al.  Provably Authenticated Group Diffie-Hellman Key Exchange - The Dynamic Case , 2001, ASIACRYPT.

[44]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[45]  Kenji Koyama,et al.  Identity-based Conference Key Distribution Systems , 1987, CRYPTO.

[46]  Moni Naor,et al.  Digital signets: self-enforcing protection of digital information (preliminary version) , 1996, STOC '96.

[47]  M. Beller,et al.  Fully-fledged two-way public key authentication and key agreement for low-cost terminals , 1993 .

[48]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[49]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[50]  Ueli Maurer,et al.  The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms , 1999, SIAM J. Comput..

[51]  Gilles Brassard,et al.  Secret-Key Reconciliation by Public Discussion , 1994, EUROCRYPT.

[52]  Derrick Grover,et al.  Cryptography: A Primer , 1982 .

[53]  Rolf Blom,et al.  An Optimal Class of Symmetric Key Generation Systems , 1985, EUROCRYPT.

[54]  Mike Burmester,et al.  On the Risk of Opening Distributed Keys , 1994, CRYPTO.

[55]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[56]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[57]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[58]  Kaoru Kurosawa,et al.  Security of the Center in Key Distribution Schemes , 1994, ASIACRYPT.

[59]  Ueli Maurer,et al.  Cryptography 2000±10 , 2001, Informatics.

[60]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[61]  Hoi-Kwong Lo,et al.  From Quantum Cheating to Quantum Security , 2000, quant-ph/0111100.

[62]  Gene Tsudik,et al.  Key Agreement in Dynamic Peer Groups , 2000, IEEE Trans. Parallel Distributed Syst..

[63]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[64]  Simon Singh,et al.  The Code Book: The Evolution of Secrecy from Mary, Queen of Scots, to Quantum Cryptography , 1999 .

[65]  Emmanuel Bresson,et al.  Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions , 2002, EUROCRYPT.

[66]  Amit Sahai,et al.  Coding Constructions for Blacklisting Problems without Computational Assumptions , 1999, CRYPTO.

[67]  Douglas R. Stinson,et al.  Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution , 1996, CRYPTO.

[68]  John S. Baras,et al.  An Information Theoretic Analysis of Rooted-Tree Based Secure Multicast Key Distribution Schemes , 1999, CRYPTO.

[69]  Douglas R. Stinson,et al.  Key Preassigned Traceability Schemes for Broadcast Encryption , 1998, Selected Areas in Cryptography.

[70]  Moni Naor,et al.  Threshold Traitor Tracing , 1998, CRYPTO.

[71]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[72]  Douglas R. Stinson,et al.  Some New Results on Key Distribution Patterns and Broadcast Encryption , 1998, Des. Codes Cryptogr..

[73]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[74]  Yvo Desmedt,et al.  On the Importance of Memory Resources in the Security of Key Exchange Protocols , 1990, EUROCRYPT.

[75]  Dong Hoon Lee,et al.  Privacy against Piracy: Protecting Two-Level Revocable P-K Traitor Tracing , 2002, ACISP.

[76]  Reihaneh Safavi-Naini,et al.  Sequential traitor tracing , 2003, IEEE Trans. Inf. Theory.

[77]  Yuliang Zheng,et al.  How to Break and Repair Leighton and Micali's Key Agreement Protocol , 1994, EUROCRYPT.

[78]  Carlo Blundo,et al.  Space Requirements for Broadcast Encryption , 1994, EUROCRYPT.

[79]  Smitha Surapaneni.  Secret Key Agreement without Public-Key Cryptography , 2003 .

[80]  Anthony G. Oettinger,et al.  IEEE Transactions on Information Theory , 1998 .

[81]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to groups , 1996, CCS 1996.

[82]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[83]  Johannes A. Buchmann,et al.  On the Complexity and Efficiency of a New Key Exchange System , 1989, EUROCRYPT.

[84]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[85]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[86]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[87]  Douglas R. Stinson,et al.  Multiple Key Distribution Maintaining User Anonymity via Broadcast Channels , 1995, J. Comput. Secur..

[88]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[89]  A. Rosenblatt.  The code book: the evolution of secrecy from Mary Queen of Scots to quantum cryptography [Books] , 2000, IEEE Spectrum.

[90]  Douglas R. Stinson,et al.  On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption , 1997, Des. Codes Cryptogr..

[91]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[92]  Amos Beimel,et al.  Communication in key distribution schemes , 1996, IEEE Trans. Inf. Theory.

[93]  Douglas R. Stinson,et al.  On Unconditionally Secure Robust Distributed Key Distribution Centers , 2002, ASIACRYPT.

[94]  Wen-Guey Tzeng,et al.  Round-Efficient Conference Key Agreement Protocols with Provable Security , 2000, ASIACRYPT.

[95]  Alfredo De Santis,et al.  Randomness in Distribution Protocols , 1996, Inf. Comput..

[96]  Duncan S. Wong,et al.  Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices , 2001, ASIACRYPT.

[97]  Richard M. Wilson,et al.  A course in combinatorics , 1992 .

[98]  Carles Padró,et al.  A Ramp Model for Distributed Key Distribution Schemes , 2001, Discret. Appl. Math..

[99]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[100]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[101]  Birgit Pfitzmann,et al.  Trials of Traced Traitors , 1996, Information Hiding.

[102]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[103]  Alexander Barg,et al.  A Broadcast Key Distribution Scheme Based on Block Designs , 1995, IMACC.

[104]  Avishai Wool,et al.  Long-Lived Broadcast Encryption , 2000, CRYPTO.

[105]  Jessica Staddon,et al.  Combinatorial properties of frameproof and traceability codes , 2001, IEEE Trans. Inf. Theory.

[106]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[107]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[108]  Jessica Staddon,et al.  Efficient Methods for Integrating Traceability and Broadcast Encryption , 1999, CRYPTO.

[109]  Yvo Desmedt,et al.  A Key Distribution System Based On Any One-Way Function (Extended Abstract) , 1989, EUROCRYPT.

[110]  Victor Shoup,et al.  Session Key Distribution Using Smart Cards , 1996, EUROCRYPT.

[111]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[112]  Carles Padró,et al.  Bounds and Constructions for Unconditionally Secure Distributed Key Distribution Schemes for General Access Structures , 2001, ISC.

[113]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[114]  Kathleen A. S. Quinn.  Some constructions for key distribution patterns , 1994, Des. Codes Cryptogr..

[115]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[116]  Hideki Imai,et al.  On the Key Predistribution System: A Practical Solution to the Key Distribution Problem , 1987, CRYPTO.

[117]  Silvio Micali,et al.  Secret-Key Agreement without Public-Key Cryptography , 1993, CRYPTO.

[118]  Douglas R. Stinson,et al.  Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes , 1998, SIAM J. Discret. Math..

[119]  Johannes A. Buchmann,et al.  Implementation of a Key Exchange Protocol Using Some Real Quadratic Fields , 1990, EUROCRYPT.

[120]  Lenore Cowen,et al.  On the Structure of Secret Key Exchange Protocols , 1989, Distributed Computing And Cryptography.

[121]  Sarvar Patel,et al.  Password-Authenticated Key Exchange Based on RSA , 2000, ASIACRYPT.

[122]  U. Maurer,et al.  On the complexity of breaking the Diffie-Hellman protocol , 1996 .

[123]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[124]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[125]  Richard J. Lipton,et al.  Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract) , 1996, CRYPTO.

[126]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[127]  Ueli Maurer,et al.  Secret key agreement by public discussion , 1993 .

[128]  Moti Yung,et al.  Escrow Encryption Systems Visited: Attacks, Analysis and Designs , 1995, CRYPTO.

[129]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[130]  Josef Pieprzyk,et al.  On password-based authenticated key exchange using collisionful hash functions , 1996, ACISP.

[131]  Evangelos Kranakis,et al.  On key distribution via true broadcasting , 1994, CCS '94.

[132]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..