1 / 18

A Diffie-Hellman Key Exchange Protocol without Random Oracles

A Diffie-Hellman Key Exchange Protocol without Random Oracles. - 2006.12.21 - Ik Rae Jeong (ETRI) Jeong Ok Kwon (CIST) Dong Hoon Lee (CIST). Again Diffie-Hellman ?. Diffie-Hellman : 90 Diffie-Hellman key : 27 Diffie-Hellman key exchange : 11 Diffie-Hellman key exchange protocol : 1.

kuniko
Download Presentation

A Diffie-Hellman Key Exchange Protocol without Random Oracles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Diffie-Hellman Key Exchange Protocol without Random Oracles - 2006.12.21 - Ik Rae Jeong (ETRI) Jeong Ok Kwon (CIST) Dong Hoon Lee (CIST)

  2. Again Diffie-Hellman ? • Diffie-Hellman : 90 • Diffie-Hellman key : 27 • Diffie-Hellman key exchange : 11 • Diffie-Hellman key exchange protocol : 1

  3. Contents • Security Notions of Key Exchange • Motivation • Review of Previous Schemes • KAM (our scheme) • Security of KAM

  4. Security Notions of Key Exchange • KI (Key Independence) • security against Denning-Sacco attacks (known key attacks) • for the cases when other session keys are revealed • FS (Forward Secrecy) • for the cases when long-term secrets are revealed • SSR (Session State Reveal) • for the cases when intermediate values (random numbers) are revealed • depends on the analyzed protocol

  5. Motivation • There exist many schemes providing forward secrecy (FS). • There are also schemes providing security against session state reveal (SSR) attacks. • But there exist few schemes providing FS and SSR. • HMQV-C provides FS and SSR securities in the random oracle model.

  6. Our Result • The first key exchange scheme providing forward secrecy and security against session state reveal without random oracles.

  7. Diffie-Hellman Secure in the authentication channel Bob Alice

  8. BCK (STOC98) FS in the standard model Bob Alice

  9. BCK (STOC98) Not secure against SSR attacks Bob Alice

  10. JKL (ACNS04) SSR in the random oracle model Bob Alice

  11. JKL (ACNS04) Not FS Bob Alice

  12. HMQV-C (Crypto05) FS and SSR in the random oracle model Bob Alice

  13. HDH (ABR, CT-RSA01) Indistinguishable

  14. ODH (ABR, CT-RSA01) Indistinguishable

  15. KAM Bob Alice

  16. Security • KAM • reduced to the HDH and ODH assumptions without random oracles

  17. 1) Make authenticated channel 2) Send ep-DH values through the authenticated channel 3) Make a session key using ep-DH and long-term DH values Proof Idea of KAM Bob Alice

  18. Thank You !

More Related