Paper 2010/237

A New Security Model for Authenticated Key Agreement

Augustin P. Sarr, Philippe Elbaz–Vincent, and Jean–Claude Bajard

Abstract

The Canetti-Krawczyk (CK) and extended Canetti-Krawczyk (eCK) security models are widely used to provide security arguments for key agreement protocols. We discuss security shades in the (e)CK models, and some practical attacks unconsidered in (e)CK-security arguments. We propose a strong security model which encompasses the eCK one. We also propose a new protocol, called Strengthened MQV (SMQV), which, in addition to providing the same efficiency as the (H)MQV protocols, is particularly suited for distributed implementations wherein a tamper-proof device is used to store long-lived keys, while session keys are used on an untrusted host machine. The SMQV protocol meets our security definition under the Gap Diffie-Hellman assumption and the Random Oracle model.

Note: Typographical corrections.

Metadata
Available format(s)
PDF PS
Publication info
Published elsewhere. A short version of this paper is accepted at SCN 2010
Keywords
authenticated key agreement, practical vulnerability, strengthened eCK model, SMQV
Contact author(s)
a sarr @ netheos net
augussarr @ yahoo fr
History
2012-01-05: last of 4 revisions
2010-04-28: received
Short URL
https://ia.cr/2010/237
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/237,
      author = {Augustin P.  Sarr and Philippe Elbaz–Vincent and Jean–Claude Bajard},
      title = {A New Security Model for Authenticated Key Agreement},
      howpublished = {Cryptology ePrint Archive, Paper 2010/237},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/237}},
      url = {https://eprint.iacr.org/2010/237}
}