Paper 2003/063

Initiator-Resilient Universally Composable Key Exchange

Dennis Hofheinz, Joern Mueller-Quade, and Rainer Steinwandt

Abstract

Key exchange protocols in the setting of universal composability are investigated. First we show that the ideal functionality F_KE of [CK02] cannot be realized in the presence of adaptive adversaries, thereby disproving a claim in [CK02]. We proceed to propose a modification F_KE^(i,j), which is proven to be realizable by two natural protocols for key exchange. Furthermore, sufficient conditions for securely realizing this modified functionality are given. Two notions of key exchange are introduced that allow for security statements even when one party is corrupted. Two natural key exchange protocols are proven to fulfill the "weaker" of these notions, and a construction for deriving protocols that satisfy the "stronger" notion is given.

Note: This is the version published in the proceedings of ESORICS 2003, apart from a corrected Remark 4.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Published in Proceedings of ESORICS 2003, Springer LNCS 2808.
Keywords
formal cryptographycryptographic protocolsuniversal compositionkey exchange
Contact author(s)
hofheinz @ ira uka de
History
2003-11-25: revised
2003-04-08: received
See all versions
Short URL
https://ia.cr/2003/063
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/063,
      author = {Dennis Hofheinz and Joern Mueller-Quade and Rainer Steinwandt},
      title = {Initiator-Resilient Universally Composable Key Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/063},
      year = {2003},
      url = {https://eprint.iacr.org/2003/063}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.