Cryptology ePrint Archive: Report 2015/110

sHMQV: An Efficient Key Exchange Protocol for Power-limited Devices

Shijun Zhao and Qianying Zhang

Abstract: In this paper we focus on designing authenticated key exchange protocols for practical scenarios where the party consists of a powerful but untrusted host (e.g., PC, mobile phone, etc) and a power-limited but trusted device (e.g., Trusted Platform Module, Mobile Trusted Module, Smart Card, etc). HMQV and (s,r)OAKE protocols are the state-of-the-art in the integrity of security and efficiency. However, we find that they are not suitable for the above scenarios as all (or part) of the online exponentiation computations must be performed in the power-limited trusted devices, which makes them inefficient for the deployment in practice.

To overcome the above inefficiency, we propose a variant of HMQV protocol, denoted sHMQV, under some new design rationales which bring the following advantages: 1) eliminating the validation of the ephemeral public keys, which costs one exponentiation; 2) the power-limited trusted device only performs one exponentiation, which can be pre-computed offline; 3) all the online exponentiation computations can be performed in the powerful host. The above advantages make sHMQV enjoy better performance than HMQV and (s,r)OAKE, especially when deployed in the scenarios considered in this paper. We finally formally prove the security of sHMQV in the CK model.

Category / Keywords: cryptographic protocols / Authenticated Key Exchange, CK model, Security Analysis, Power-limited Devices

Original Publication (with minor differences): ISPEC'15

Date: received 12 Feb 2015

Contact author: zqyzsj at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150224:022419 (All versions of this report)

Short URL: ia.cr/2015/110

Discussion forum: Show discussion | Start new discussion