Cryptology ePrint Archive: Report 2011/035

A New Family of Implicitly Authenticated Diffie-Hellman Protocols

Andrew C. Yao and Yunlei Zhao

Abstract: Cryptography algorithm standards play a key role both to the practice of information security and to cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, in short) are a family of implicitly authenticated Diffie-Hellman key-exchange (DHKE) protocols that are among the most efficient and are widely standardized. In this work, from some new perspectives and under some new design rationales, and also inspired by the security analysis of HMQV, we develop a new family of practical implicitly authenticated DHKE (IA-DHKE) protocols, which enjoy notable performance among security, efficiency, privacy, fairness and easy deployment. We make detailed comparisons between our new protocols and (H)MQV, showing that the newly developed protocols outperform HMQV in most aspects. Very briefly speaking, we achieve:

1. The most efficient provably secure IA-DHKE protocol to date, and the first online-optimal provably secure IA-DHKE protocols.

2. The first IA-DHKE protocol that is provably secure, resilience to the leakage of DH components and exponents, under merely standard assumptions without additionally relying on the knowledge-of-exponent assumption (KEA).

3. The first provably secure privacy-preserving and computationally fair IA-DHKE protocol, with privacy-preserving properties of reasonable deniability and post-ID computability and the property of session-key computational fairness.

Guided by our new design rationales, in this work we also formalize and introduce some new concept, say session-key computational fairness (as a complement to session-key security), to the literature.

Category / Keywords: Implicit authentication, Diffie-Hellman key exchange

Publication Info: The results originally appeared in a Chinese patent in 2007, and later in a PCT patent in 2008 (with the 2007 patent as priority reference). More details and protocol variants can also be found in the patent files.

Date: received 20 Jan 2011, last revised 11 Oct 2012

Contact author: yunleizhao at gmail com

Available format(s): PDF | BibTeX Citation

Note: A more formal treatment of the YZ-KE protocols in the original version

Version: 20121011:090954 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]