Cryptology ePrint Archive: Report 2014/050

Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication

Daniel R. L. Brown

Abstract: Menezes--Qu--Vanstone key agreement (MQV) is intended to provide implicit key authentication (IKA) and several other security objectives. MQV is approved and specified in five standards.

This report focuses on the IKA of two-pass MQV, without key confirmation. Arguably, implicit key authentication is the most essential security objective in authenticated key agreement. The report examines various necessary or sufficient formal conditions under which MQV may provide IKA.

Incidentally, this report defines, relies on, and inter-relates various conditions on the key deriviation function and Diffie--Hellman groups. While it should be expected that most such definitions and results are already well-known, a reader interested in these topics may be interested in this report as a kind of review, even if they have no interest in MQV whatsoever.

Category / Keywords: public-key cryptography / key agreement, MQV, provable security

Date: received 20 Jan 2014, last revised 7 Jul 2014

Contact author: dbrown at certicom com

Available format(s): PDF | BibTeX Citation

Note: Caution: this report is a work in progress. It may contain serious omissions and errors. Readers should verify any proofs before relying upon them, as always, but perhaps more so than is usual.

Version: 20140707:135918 (All versions of this report)

Short URL: ia.cr/2014/050

Discussion forum: Show discussion | Start new discussion