Cryptology ePrint Archive: Report 1999/012

On Formal Models for Secure Key Exchange

Victor Shoup

Abstract: A new formal security model for session key exchange protocols is proposed, and several efficient protocols are analyzed in this model. Our new model is in the style of multi-party simulatability: it specifies the service and security guarantees that a key exchange protocol should provide to higher-level protocols as a simple, natural, and intuitive interface to which a high-level protocol designer can program. The relationship between this new model and previously proposed models is explored, and in particular, several flaws and shortcomings in previously proposed models are discussed. The model also deals with anonymous users---that is, users who do not have public keys, but perhaps have passwords that can be used to authenticate themselves within a secure session.

Category / Keywords: session key exchange, multi-party computation, formal models,

Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.

Date: received April 19, 1999. Revised November 15, 1999.

Contact author: sho at zurich ibm com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Short URL: ia.cr/1999/012

Discussion forum: Show discussion | Start new discussion