Paper 2012/416
Beyond eCK: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal
Cas Cremers and Michèle Feltz
Abstract
We show that it is possible to achieve perfect forward secrecy in two-message or one-round key exchange (KE) protocols that satisfy even stronger security properties than provided by the extended Canetti-Krawczyk (eCK) security model. In particular, we consider perfect forward secrecy in the presence of adversaries that can reveal ephemeral secret keys and the long-term secret keys of the actor of a session (similar to Key Compromise Impersonation). We propose two new game-based security models for KE protocols. First, we formalize a slightly stronger variant of the eCK security model that we call eCKw. Second, we integrate perfect forward secrecy into eCKw, which gives rise to the even stronger eCK-PFS model. We propose a security-strengthening transformation (i.e., a compiler) between our new models. Given a two-message Diffie-Hellman type protocol secure in eCKw, our transformation yields a two-message protocol that is secure in eCK-PFS. As an example, we show how our transformation can be applied to the NAXOS protocol.
Note: V2.0 mainly addresses gap in proof.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Full version of the ESORICS 2012 paper
- Keywords
- key exchangesecurity modelsprotocol transformationsperfect forward secrecyephemeral-key revealkey compromise impersonationactor compromise
- Contact author(s)
- mmc feltz @ gmail com
- History
- 2017-12-08: last of 2 revisions
- 2012-08-01: received
- See all versions
- Short URL
- https://ia.cr/2012/416
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/416,
author = {Cas Cremers and Michèle Feltz},
title = {Beyond {eCK}: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal},
howpublished = {Cryptology {ePrint} Archive, Paper 2012/416},
year = {2012},
url = {https://eprint.iacr.org/2012/416}
}
