Cryptology ePrint Archive: Report 2010/237
A New Security Model for Authenticated Key Agreement
Augustin P. Sarr and Philippe Elbaz-Vincent and Jean-Claude Bajard
Abstract: The Canetti-Krawczyk (CK) and extended Canetti-Krawczyk (eCK) security models are widely used to provide security arguments for key agreement protocols. We discuss security shades in the (e)CK models, and some practical attacks unconsidered in (e)CK-security arguments.
We propose a strong security model which encompasses the eCK one. We also propose a new protocol, called Strengthened MQV (SMQV), which, in addition to providing the same efficiency as the (H)MQV protocols, is particularly suited for distributed implementations wherein a tamper-proof device is used to store long-lived keys, while session keys are used on an untrusted host machine. The SMQV protocol meets our security definition under the Gap Diffie-Hellman assumption and the Random Oracle model.
Category / Keywords: authenticated key agreement, practical vulnerability, strengthened eCK model, SMQV
Publication Info: A short version of this paper is accepted at SCN 2010
Date: received 27 Apr 2010, last revised 5 Jan 2012
Contact author: a sarr at netheos net, augussarr@yahoo fr,
Note: Typographical corrections.
Version: 20120105:130259
Short URL: ia.cr/2010/237