Paper 2002/059
Universally Composable Notions of Key Exchange and Secure Channels
Ran Canetti and Hugo Krawczyk
Abstract
Recently, Canetti and Krawczyk (Eurocrypt 2001) formulated a notion of security for key-exchange (KE) protocols, called SK-security, and showed that this notion suffices for constructing secure channels. Their model and proofs, however, do not suffice for proving more general composability properties of SK-secure KE protocols. We show that while the notion of SK-security is strictly weaker than a fully-idealized notion of key exchange security, it is sufficiently robust for providing secure composition with arbitrary protocols. In particular, SK-security guarantees the security of the key for any application that desires to set-up secret keys between pairs of parties. We also provide new definitions of secure-channels protocols with similarly strong composability properties, and show that SK-security suffices for obtaining these definitions. To obtain these results we use the recently proposed framework of "universally composable (UC) security." We also use a new tool, called "non-information oracles," which will probably find applications beyond the present case. These tools allow us to bridge between seemingly limited indistinguishability-based definitions such as SK-security and more powerful, simulation-based definitions, such as UC-security, where general composition theorems can be proven. Furthermore, based on such composition theorems we reduce the analysis of a full-fledged multi-session key-exchange protocol to the (simpler) analysis of individual, stand-alone, key-exchange sessions.
Metadata
- Available format(s)
- PS
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Extended abstract of this work appears in the proceedings of Eurocrypt 2002.
- Keywords
- Key ExchangeCryptographic ProtocolsProofs of Security
- Contact author(s)
- canetti @ watson ibm com
- History
- 2002-05-14: received
- Short URL
- https://ia.cr/2002/059
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2002/059, author = {Ran Canetti and Hugo Krawczyk}, title = {Universally Composable Notions of Key Exchange and Secure Channels}, howpublished = {Cryptology {ePrint} Archive, Paper 2002/059}, year = {2002}, url = {https://eprint.iacr.org/2002/059} }