Paper 2014/432

Universally Composable Authentication and Key-exchange with Global PKI

Ran Canetti, Daniel Shahaf, and Margarita Vald

Abstract

Message authentication and key exchange are two of the most basic tasks of cryptography. Solutions based on public-key infrastructure (PKI) are prevalent. Still, the state of the art in composable security analysis of PKI-based authentication and key exchange is somewhat unsatisfactory. Specifically, existing treatments either (a)~make the unrealistic assumption that the PKI is accessible only within the confines of the protocol itself, thus failing to capture real-world PKI-based authentication, or (b)~impose often-unnecessary requirements---such as strong on-line non-transferability---on candidate protocols, thus ruling out natural candidates. We give a modular and universally composable analytical framework for PKI-based message authentication and key exchange protocols. This framework guarantees security even when the PKI is pre-existing and globally available, without being unnecessarily restrictive. Specifically, we model PKI as a global set-up functionality within the \emph{Global~UC} security model [Canetti \etal, TCC 2007] and relax the ideal authentication and key exchange functionalities accordingly. We then demonstrate the security of basic signature-based authentication and key exchange protocols. Our modeling makes minimal security assumptions on the PKI in use; in particular, ``knowledge of the secret key'' is not needed.

Note: Added key exchange section.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. Submitted to TCC 2015.
Keywords
public-key infrastructuremessage authenticationdigital signatureskey exchangedeniabilitynon-transferabilityuniversal composability
Contact author(s)
margarita vald @ cs tau ac il
History
2014-10-09: revised
2014-06-12: received
See all versions
Short URL
https://ia.cr/2014/432
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/432,
      author = {Ran Canetti and Daniel Shahaf and Margarita Vald},
      title = {Universally Composable Authentication and Key-exchange with Global {PKI}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/432},
      year = {2014},
      url = {https://eprint.iacr.org/2014/432}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.