Paper 2010/136

On Robust Key Agreement Based on Public Key Authentication

Feng Hao

Abstract

This paper discusses public-key authenticated key agreement protocols. First, we critically analyze several authenticated key agreement protocols and uncover various theoretical and practical flaws. In particular, we present two new attacks on the HMQV protocol, which is currently being standardized by IEEE P1363. The first attack presents a counterexample to invalidate the basic authentication in HMQV. The second attack is applicable to almost all past schemes, despite that many of them have formal security proofs. These attacks highlight the difficulty to design a crypto protocol correctly and suggest the caution one should always take. We further point out that many of the design errors are caused by sidestepping an important engineering principle, namely ``Do not assume that a message you receive has a particular form (such as $g^{r}$ for known $r$) unless you can check this''. Constructions in the past generally resisted this principle on the grounds of efficiency: checking the knowledge of the exponent is commonly seen as too expensive. In a concrete example, we demonstrate how to effectively integrate the zero-knowledge proof primitive into the protocol design and meanwhile achieve good efficiency. Our new key agreement protocol, YAK, has comparable computational efficiency to the MQV and HMQV protocols with clear advantages on security. Among all the related techniques, our protocol appears to be the simplest so far. We believe simplicity is also an important engineering principle.

Note: A short version of the paper was presented at Financial Cryptography'10. This is a full version of the paper, in submission to a journal.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. A short version of the paper was presented at Financial Cryptography'10. This is a full version of the paper, in submission to a journal.
Keywords
authenticated key agreement
Contact author(s)
haofeng66 @ gmail com
History
2010-03-12: received
Short URL
https://ia.cr/2010/136
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/136,
      author = {Feng Hao},
      title = {On Robust Key Agreement Based on Public Key Authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/136},
      year = {2010},
      url = {https://eprint.iacr.org/2010/136}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.