Paper 2006/073

Stronger Security of Authenticated Key Exchange

Brian LaMacchia, Kristin Lauter, and Anton Mityagin


In this paper we study security definitions for authenticated key exchange (AKE) protocols. We observe that there are several families of attacks on AKE protocols that lie outside the boundary of the current class of security definitions. In an attempt to bring these attacks within the scope of analysis we extend the AKE security definition to provide greater powers to the adversary. We provide a general framework for defining AKE security, which we call strong AKE security, such that existing security definitions occur as instances of the framework. We then introduce NAXOS, a new two-pass AKE protocol, and prove that it is secure in this stronger definition. In addition, we formulate a notion of ephemeral secret key which captures all ephemeral information used in session establishment. We demonstrate the importance of this formulation by showing that a secure AKE protocol SIG-DH can become vulnerable when instantiated with signature schemes which are insecure against revelation of the secret random bits used in the signature generation.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
authenticated key exchangeprotocolsattacks
Contact author(s)
amityagin @ cs ucsd edu
2006-04-01: revised
2006-02-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Brian LaMacchia and Kristin Lauter and Anton Mityagin},
      title = {Stronger Security of Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2006/073},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.