Paper 2007/123

Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Berkant Ustaoglu

Abstract

LaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement, strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand, MQV does not have a security proof, and the HMQV security proof is extremely complicated. This paper proposes a new authenticated key agreement protocol, called CMQV ('Combined' MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.

Note: Updated (extended) and corrected version; see "Errata" and "Revisions" in the appendix for a summary of changes.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Journal of "Designs Codes and Cryptography", 2008, v46(3).
Keywords
key agreement protocols, provable security, MQV, Diffie-Hellman
Contact author(s)
bustaoglu @ cryptolounge net
History
2009-06-22: last of 2 revisions
2007-04-03: received
Short URL
https://ia.cr/2007/123
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/123,
      author = {Berkant Ustaoglu},
      title = {Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS},
      howpublished = {Cryptology ePrint Archive, Paper 2007/123},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/123}},
      url = {https://eprint.iacr.org/2007/123}
}