Paper 1999/012
On Formal Models for Secure Key Exchange
Victor Shoup
Abstract
A new formal security model for session key exchange protocols is proposed, and several efficient protocols are analyzed in this model. Our new model is in the style of multi-party simulatability: it specifies the service and security guarantees that a key exchange protocol should provide to higher-level protocols as a simple, natural, and intuitive interface to which a high-level protocol designer can program. The relationship between this new model and previously proposed models is explored, and in particular, several flaws and shortcomings in previously proposed models are discussed. The model also deals with anonymous users---that is, users who do not have public keys, but perhaps have passwords that can be used to authenticate themselves within a secure session.
Metadata
- Available format(s)
- PS
- Publication info
- Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
- Keywords
- session key exchangemulti-party computationformal models
- Contact author(s)
- sho @ zurich ibm com
- History
- 1999-11-15: revised
- 1999-04-19: received
- Short URL
- https://ia.cr/1999/012
- License
-
CC BY
BibTeX
@misc{cryptoeprint:1999/012, author = {Victor Shoup}, title = {On Formal Models for Secure Key Exchange}, howpublished = {Cryptology {ePrint} Archive, Paper 1999/012}, year = {1999}, url = {https://eprint.iacr.org/1999/012} }