Making the Diffie-Hellman Protocol Identity-Based

This paper presents a new identity based key agreement protocol. In id-based cryptography (introduced by Adi Shamir in [29]) each party uses its own identity as public key and receives his secret key from a master Key Generation Center, whose public parameters are publicly known. The novelty of our protocol is that it can be implemented over any cyclic group of prime order, where the Diffie-Hellman problem is supposed to be hard. It does not require the computation of expensive bilinear maps, or additional assumptions such as factoring or RSA. The protocol is extremely efficient, requiring only twice the amount of bandwith and computation of the unauthenticated basic Diffie-Hellman protocol. The design of our protocol was inspired by MQV (the most efficient authenticated Diffie-Hellman based protocol in the public-key model) and indeed its performance is competitive with respect to MQV (especially when one includes the transmission and verification of certificates in the MQV protocol, which are not required in an id-based scheme). Our protocol requires a single round of communication in which each party sends only 2 group elements: a very short message, especially when the protocol is implemented over elliptic curves. We provide a full proof of security in the Canetti-Krawczyk security model for key exchange, including a proof that our protocol satisfies additional security properties such as forward secrecy, and resistance to reflection and key-compromise impersonation attacks.

[1]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[2]  Eiji Okamoto,et al.  Key Distribution Systems Based on Identification Information , 1987, CRYPTO.

[3]  Nigel P. Smart,et al.  AN IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL BASED ON THE WEIL PAIRING , 2001 .

[4]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[5]  Eike Kiltz,et al.  Direct chosen-ciphertext secure identity-based key encapsulation without random oracles , 2009, Theor. Comput. Sci..

[6]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Identity-Based Encryption in the Standard Model with short Ciphertexts , 2006, IACR Cryptol. ePrint Arch..

[7]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[8]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[9]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Chae Hoon Lim,et al.  More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[12]  David Cash,et al.  The Twin Diffie–Hellman Problem and Applications , 2009, Journal of Cryptology.

[13]  Eiji Okamoto,et al.  Key distribution system based on identification information , 1989, IEEE J. Sel. Areas Commun..

[14]  Diana K. Smetters,et al.  Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC , 2003, USENIX Security Symposium.

[15]  Kenneth G. Paterson,et al.  Efficient One-Round Key Exchange in the Standard Model , 2008, ACISP.

[16]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[17]  Hassan M. Elkamchouchi,et al.  An efficient protocol for authenticated key agreement , 2011, 2011 28th National Radio Science Conference (NRSC).

[18]  Ueli Maurer,et al.  Diffie-Hellman Oracles , 1996, CRYPTO.

[19]  Kenneth G. Paterson,et al.  Key Agreement Using Statically Keyed Authenticators , 2004, ACNS.

[20]  Mihir Bellare,et al.  Multi-signatures in the plain public-Key model and a general forking lemma , 2006, CCS '06.

[21]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[22]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[23]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[24]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[25]  Zhang Ya-juan,et al.  An identity-based key-exchange protocol , 2008, Wuhan University Journal of Natural Sciences.

[26]  Toshiaki Tanaka,et al.  On the Existence of 3-Round Zero-Knowledge Protocols , 1998, CRYPTO.

[27]  Chuangui Ma,et al.  Ephemeral key compromise attack on the IB-KA protocol , 2009, IACR Cryptol. ePrint Arch..

[28]  Liqun Chen,et al.  Identity-based key agreement protocols from pairings , 2017, International Journal of Information Security.

[29]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[30]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[31]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[32]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[33]  Colin Boyd,et al.  Security of Two-Party Identity-Based Key Agreement , 2005, Mycrypt.

[34]  Mihir Bellare,et al.  The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES , 2001, CT-RSA.

[35]  Shahrokh Saeednia Improvement of Gunther's identity-based key exchange protocol , 2000 .