Paper 2014/050

Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication

Daniel R. L. Brown

Abstract

Menezes--Qu--Vanstone key agreement (MQV) is intended to provide implicit key authentication (IKA) and several other security objectives. MQV is approved and specified in five standards. This report focuses on the IKA of two-pass MQV, without key confirmation. Arguably, implicit key authentication is the most essential security objective in authenticated key agreement. The report examines various necessary or sufficient formal conditions under which MQV may provide IKA. Incidentally, this report defines, relies on, and inter-relates various conditions on the key deriviation function and Diffie--Hellman groups. While it should be expected that most such definitions and results are already well-known, a reader interested in these topics may be interested in this report as a kind of review, even if they have no interest in MQV whatsoever.

Note: Caution: this report is a work in progress. It may contain serious omissions and errors. Readers should verify any proofs before relying upon them, as always, but perhaps more so than is usual.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
key agreementMQVprovable security
Contact author(s)
dbrown @ certicom com
History
2014-07-07: last of 4 revisions
2014-01-21: received
See all versions
Short URL
https://ia.cr/2014/050
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/050,
      author = {Daniel R.  L.  Brown},
      title = {Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/050},
      year = {2014},
      url = {https://eprint.iacr.org/2014/050}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.