Paper 2008/376

Session-state Reveal is stronger than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange protocol

Cas J. F. Cremers

Abstract

In the papers Stronger Security of Authenticated Key Exchange [LLM07, LLM06], a new security model for key exchange protocols is proposed. The new model is suggested to be at least as strong as previous models for key exchange protocols. In particular, the model includes a new notion of an Ephemeral Key Reveal adversary query, which is claimed in [LLM06, Oka07, Ust08] to be at least as strong as existing definitions of the Session-state Reveal query. We show that for some protocols, Session-state Reveal is strictly stronger than Ephemeral Key Reveal. In particular, we show that the NAXOS protocol from [LLM07, LLM06] does not meet its security requirements if the Session-state Reveal query is allowed in the security model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
foundationssecurity modelskey agreementsession-state revealephemeral key reveal
Contact author(s)
cas cremers @ inf ethz ch
History
2009-06-09: last of 3 revisions
2008-09-05: received
See all versions
Short URL
https://ia.cr/2008/376
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/376,
      author = {Cas J. F.  Cremers},
      title = {Session-state Reveal is stronger than Ephemeral Key Reveal: Attacking the {NAXOS} Authenticated Key Exchange protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/376},
      year = {2008},
      url = {https://eprint.iacr.org/2008/376}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.