Paper 2008/007

Efficient One-round Key Exchange in the Standard Model

Colin Boyd, Yvonne Cliff, Juan M. Gonzalez Nieto, and Kenneth G. Paterson


We consider one-round identity-based key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the random oracle model.

Note: - Fixed definition of session id in Protocol 2 and added some informal discussion on why malleability attacks do not work against protocol 2 in Section 4. - Modified the second part of the proof of Protocol 2 to take into consideration the security of the randomness extractor and expander. - Numerous typos have been corrected.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. This is the full version of the paper appearing at ACISP 2008
key establishmentkey encapsulationid-based cryptographystandard model
Contact author(s)
j gonzaleznieto @ qut edu au
2008-05-07: last of 2 revisions
2008-01-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Colin Boyd and Yvonne Cliff and Juan M.  Gonzalez Nieto and Kenneth G.  Paterson},
      title = {Efficient One-round Key Exchange in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2008/007},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.