Cryptology ePrint Archive: Report 2010/621

Generic Compilers for Authenticated Key Exchange (Full Version)

Tibor Jager and Florian Kohlar and Sven Schäge and Jörg Schwenk

Abstract: So far, all solutions proposed for {\em authenticated key agreement} combine key agreement and authentication into a single cryptographic protocol. However, in many important application scenarios, key agreement and entity authentication are clearly separated protocols. This fact enables efficient attacks on the na\"{\i}ve combination of these protocols. In this paper, we propose new compilers for two-party key agreement and authentication, which are provably secure in the standard Bellare-Rogaway model. The constructions are generic: key agreement is executed first and results (without intervention of the adversary) in a secret session key on both sides. This key (or a derived key) is handed over, together with a transcript of all key exchange messages, to the authentication protocol, where it is combined with the random challenge(s) exchanged during authentication.

Category / Keywords: authenticated key exchange, protocol compiler, TLS

Publication Info: ASIACRYPT 2010

Date: received 5 Dec 2010, last revised 2 Aug 2012

Contact author: florian kohlar at rub de

Available format(s): PDF | BibTeX Citation

Note: Full version of the paper presented at ASIACRYPT 2010, Singapore.

Version: 20120802:121558 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]