Cryptology ePrint Archive: Report 2001/040
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
Ran Canetti and Hugo Krawczyk
Abstract: We present a formalism for the analysis of key-exchange protocols
that combines previous definitional approaches and results in a definition
of security that enjoys some important analytical benefits:
(i) any key-exchange protocol that satisfies the security definition
can be composed with symmetric encryption and authentication functions
to provide provably secure communication channels;
(ii) the definition allows for simple modular proofs of security:
one can design and prove security of key-exchange protocols in an
idealized model where the communication links are perfectly authenticated,
and then translate them using general tools to obtain security in
the realistic setting of adversary-controlled links.
We exemplify the usability of our results by applying them to obtain the
proof of two main classes of key-exchange protocols, Diffie-Hellman and
key-transport, authenticated via symmetric or asymmetric techniques.
Further contributions of the paper include the formalization of
``secure channels'' in the context of key-exchange protocols, and
establishing sufficient conditions on the symmetric encryption and
authentication functions to realize these channels.
Category / Keywords: Key Exchange, Secure Channels, Cryptographic Protocols
Publication Info: An extended abstract of this work appears in the proceedings of Eurocrypt 2001, LNCS Vol. 2045.
Date: received 17 May 2001
Contact author: hugo at ee technion ac il
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation
Version: 20010517:181540 (All versions of this report)
Short URL: ia.cr/2001/040
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]