Paper 2005/270

Examining Indistinguishability-Based Proof Models for Key Establishment Protocols

Kim-Kwang Raymond Choo, Colin Boyd, and Yvonne Hitchcock

Abstract

We examine various indistinguishability-based proof models for key establishment protocols, namely the Bellare & Rogaway (1993, 1995), the Bellare, Pointcheval, & Rogaway (2000), and the Canetti & Krawczyk (2001) proof models. We then consider several variants of these proof models, identify several subtle differences between these variants and models, and compare the relative strengths of the notions of security between the models. For each of the pairwise relations between the models (either an implication or a non-implication), we provide proofs or counter-examples to support the observed relations. We also reveal a drawback with the original formulation of the Bellare, Pointcheval, & Rogaway (2000) model, whereby the Corrupt query is not allowed. As a case study, we use the Abdalla & Pointcheval (2005) three-party password-based key exchange protocol (3PAKE), which carries a proof of security in the Bellare, Pointcheval, & Rogaway (2000) model. We reveal a previously unpublished flaw in the protocol, and demonstrate that this attack would not be captured in the model due to the omission of the Corrupt query.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. The abridged version of this paper is going to appear in the proceedings of Asiacrypt 2005, LNCS 3788/2005 (pp. 585--604).
Contact author(s)
k choo @ qut edu au
History
2005-10-06: last of 4 revisions
2005-08-17: received
Short URL
https://ia.cr/2005/270
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/270,
      author = {Kim-Kwang Raymond Choo and Colin Boyd and Yvonne Hitchcock},
      title = {Examining Indistinguishability-Based Proof Models for Key Establishment Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2005/270},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/270}},
      url = {https://eprint.iacr.org/2005/270}
}