An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem

Huang, Hai; Cao, Zhenfu

doi:10.1145/1533057.1533101

Cited by 75 publications

(59 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of previous ID-AKE schemes [CCS07,HC09,FG10,FSU10] are proved in the ROM. Moreover, though the generic construction of ID-AKE in [BCGNP08,BCGNP09] is secure in the StdM, its security is not proved in the id-CK + model.…”

Section: Pairing-based Instantiationsmentioning

confidence: 99%

Strongly secure authenticated key exchange from factoring, codes, and lattices

Fujioka

Suzuki

Xagawa

et al. 2014

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Abstract. An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security proposed by Krawczyk (we call it the CK + model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is CK + secure in the standard model. The construction gives the first CK + secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as πPRF and KEA1. Furthermore, we extend the CK + model to identity-based (called the id-CK + model), and propose a generic construction of identity-based AKE (ID-AKE) based on identity-based KEM, which satisfies id-CK + security. The construction leads first strongly secure ID-AKE protocols under the hardness of integer factorization problem, or learning problems with errors.

show abstract

Section: Pairing-based Instantiationsmentioning

confidence: 99%

Strongly secure authenticated key exchange from factoring, codes, and lattices

Fujioka

Suzuki

Xagawa

et al. 2014

Des. Codes Cryptogr.

View full text Add to dashboard Cite

show abstract

“…Examples for public key schemes applicable to this diagram would be NAXOS [LLM07] and CMQV [Ust08], an example for an ID-based scheme would be the ASIACCS09 [HC08] scheme. However, a combination of these schemes would not have any security guarantees about the dashed lines in the certificateless part of the diagram.…”

Section: Why a Natural Composition Of Cl-ake From Id-ake And Pk-ake Imentioning

confidence: 99%

“…See [CKS08], [HC08] for an explanation and a proof. Additionally we need the "Additive double BDH Trapdoor Test" and the "Multiplicative double BDH Trapdoor Test" for Strategy 9:…”

Section: The Twin Bilinear Diffie-hellman Trapdoor Theoremsmentioning

confidence: 99%

Strongly Secure Certificateless Key Agreement

Lippold

Boyd

Nieto

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We introduce a formal model for certificateless authenticated key exchange (CL-AKE) protocols. Contrary to what might be expected, we show that the natural combination of an ID-based AKE protocol with a public key based AKE protocol cannot provide strong security. We provide the first one-round CL-AKE scheme proven secure in the random oracle model. We introduce two variants of the Diffie-Hellman trapdoor introduced by [CKS08]. The proposed key agreement scheme is secure as long as each party has at least one uncompromised secret. Thus, our scheme is secure even if the key generation centre learns the ephemeral secrets of both parties.

show abstract

“…In NAXOS' approach no one is able to query the discrete logarithm of an ephemeral public key X without the pair (x, a); thus the discrete logarithm of X is hidden via an extra random oracle. Using NAXOS' approach many protocols [25,11,16,17] were argued secure in the eCK model under the random oracle assumption. In the standard model, the only (to our knowledge) eCK-secure protocol is due to Okamoto [22]; it uses pseudo-random functions instead of hash functions.…”

Section: Introductionmentioning

confidence: 99%

Strongly Secure Authenticated Key Exchange without NAXOS’ Approach

Kim

Fujioka

Ustaoğlu

2009

Advances in Information and Computer Security

View full text Add to dashboard Cite

Abstract. LaMacchia, Lauter and Mityagin [15] proposed the extended Canetti-Krawczyk (eCK) model and an AKE protocol, called NAXOS. Unlike previous security models, the adversary in the eCK model is allowed to obtain ephemeral secret information related to the test session, which makes the security proof difficult. To overcome this NAXOS combines an ephemeral private key x with a static private key a to generate an ephemeral public key X; more precisely X = g H(x,a) . As a result, no one is able to query the discrete logarithm of X without knowing both the ephemeral and static private keys. In other words, the discrete logarithm of an ephemeral public key, which is typically the ephemeral secret, is hidden via an additional random oracle. In this paper, we show that it is possible to construct eCK-secure protocol without the NAXOS' approach by proposing two eCK-secure protocols. One is secure under the GDH assumption and the other under the CDH assumption; their efficiency and security assurances are comparable to the well-known HMQV [12] protocol. Furthermore, they are at least as secure as protocols that use the NAXOS' approach but unlike them and HMQV, the use of the random oracle is minimized and restricted to the key derivation function.

show abstract

An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem

Cited by 75 publications

References 19 publications

Strongly secure authenticated key exchange from factoring, codes, and lattices

Strongly secure authenticated key exchange from factoring, codes, and lattices

Strongly Secure Certificateless Key Agreement

Strongly Secure Authenticated Key Exchange without NAXOS’ Approach

Contact Info

Product

Resources

About