Paper 2014/037

On the Security of the Pre-Shared Key Ciphersuites of TLS

Yong Li, Sven Schäge, Zheng Yang, Florian Kohlar, and Jörg Schwenk


TLS is by far the most important protocol on the Internet for negotiating secure session keys and providing authentication. Only very recently, the standard ciphersuites of TLS have been shown to provide provably secure guarantees under a new notion called Authenticated and Confidential Channel Establishment (ACCE) introduced by Jager et al. at CRYPTO'12. In this work, we analyse the variants of TLS that make use of pre-shared keys (TLS-PSK). In various environments, TLS-PSK is an interesting alternative for remote authentication between servers and constrained clients like smart cards, for example for mobile phone authentication, EMV-based payment transactions or authentication via electronic ID cards. First, we introduce a new and strong definition of ACCE security that covers protocols with pre-shared keys. Next, we prove that all ciphersuite families of TLS-PSK meet our strong notion of ACCE security. Our results do not rely on random oracles nor on any non-standard assumption.

Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2014
Keywords
TLS, TLS-PSK, ACCE, Pre-Shared Keys, Authenticated Key Exchange, Secure Channels
Contact author(s)
sschaege @ gmail com
2015-04-02: revised
2014-01-13: received
Creative Commons Attribution


      author = {Yong Li and Sven Schäge and Zheng Yang and Florian Kohlar and Jörg Schwenk},
      title = {On the Security of the Pre-Shared Key Ciphersuites of TLS},
      howpublished = {Cryptology ePrint Archive, Paper 2014/037},
      year = {2014},
      note = {\url{}},
      url = {}