Paper 2001/040
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
Ran Canetti and Hugo Krawczyk
Abstract
We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels; and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links. We exemplify the usability of our results by applying them to obtain the proof of two main classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques. Further contributions of the paper include the formalization of ``secure channels'' in the context of key-exchange protocols, and establishing sufficient conditions on the symmetric encryption and authentication functions to realize these channels.
Metadata
- Available format(s)
- PS
- Publication info
- Published elsewhere. An extended abstract of this work appears in the proceedings of Eurocrypt 2001, LNCS Vol. 2045.
- Keywords
- Key ExchangeSecure ChannelsCryptographic Protocols
- Contact author(s)
- hugo @ ee technion ac il
- History
- 2001-05-17: received
- Short URL
- https://ia.cr/2001/040
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2001/040,
author = {Ran Canetti and Hugo Krawczyk},
title = {Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels},
howpublished = {Cryptology {ePrint} Archive, Paper 2001/040},
year = {2001},
url = {https://eprint.iacr.org/2001/040}
}
