Paper 1999/012

On Formal Models for Secure Key Exchange

Victor Shoup

Abstract

A new formal security model for session key exchange protocols is proposed, and several efficient protocols are analyzed in this model. Our new model is in the style of multi-party simulatability: it specifies the service and security guarantees that a key exchange protocol should provide to higher-level protocols as a simple, natural, and intuitive interface to which a high-level protocol designer can program. The relationship between this new model and previously proposed models is explored, and in particular, several flaws and shortcomings in previously proposed models are discussed. The model also deals with anonymous users---that is, users who do not have public keys, but perhaps have passwords that can be used to authenticate themselves within a secure session.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
session key exchangemulti-party computationformal models
Contact author(s)
sho @ zurich ibm com
History
1999-11-15: revised
1999-04-19: received
Short URL
https://ia.cr/1999/012
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:1999/012,
      author = {Victor Shoup},
      title = {On Formal Models for Secure Key Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 1999/012},
      year = {1999},
      url = {https://eprint.iacr.org/1999/012}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.