Abstract
Various optimizations in the Canetti–Krawczyk model for secure protocol design are proven to preserve security. In particular it is shown that multiple authenticators may be safely used together; that certain message components generated by authenticators may be reordered (to be sent at a different time) or replaced with other values with certain precautions; and that protocols may be defined in the ideal world with session identifiers constructed during protocol runs. Consequently protocol designers now have a set of clear rules to optimize and customize their designs without fear of breaking the security proof. In order to obtain the required proofs, we find it necessary to slightly revise the authenticated links part of the Canetti–Krawczyk model.
Research funded by Australian Research Council through Discovery Project DP0345775
Hitchcock, Y., Boyd, C. & González Nieto, J. Modular proofs for key exchange: rigorous optimizations in the Canetti–Krawczyk model. AAECC 16, 405–438 (2006). https://doi.org/10.1007/s00200-005-0185-9