Cryptology ePrint Archive: Report 2007/123

Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Berkant Ustaoglu

Abstract: LaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand MQV does not have a security proof, and the HMQV security proof is extremely complicated.

This paper proposes a new authenticated key agreement protocol, called CMQV (`Combined' MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.

Category / Keywords: cryptographic protocols / key agreement protocols, provable security, MQV, Diffie-Hellman

Publication Info: Journal of "Designs Codes and Cryptography", 2008, v46(3).

Date: received 28 Mar 2007, last revised 21 Jun 2009

Contact author: bustaoglu at cryptolounge net

Available format(s): PDF | BibTeX Citation

Note: Updated (extended) and corrected version; see "Errata" and "Revisions" in the appendix for a summary of changes.

Version: 20090622:045633 (All versions of this report)

Short URL: ia.cr/2007/123