Paper 2015/978

The OPTLS Protocol and TLS 1.3

Hugo Krawczyk and Hoeteck Wee

Abstract

We present the OPTLS key-exchange protocol, its design, rationale and cryptographic analysis. OPTLS design has been motivated by the ongoing work in the TLS working group of the IETF for specifying TLS 1.3, the next-generation TLS protocol. The latter effort is intended to revamp the security of TLS that has been shown inadequate in many instances as well as to add new security and functional features. The main additions that influence the cryptographic design of TLS 1.3 (hence also of OPTLS) are a new "0-RTT requirement" (0-RTT stands for "zero round trip time") to allow clients that have a previously retrieved or cached public key of the server to send protected data already in the first flow of the protocol; making forward secrecy (PFS) a mandatory requirement; and moving to elliptic curves as the main cryptographic basis for the protocol (for performance and security reasons). Accommodating these requirements calls for moving away from the traditional RSA-centric design of TLS in favor of a protocol based on Diffie-Hellman techniques. OPTLS offers a simple design framework that supports all the above requirements with a uniform and modular logic that helps in the specification, analysis, performance optimization, and future maintenance of the protocol. The current (draft) specification of TLS 1.3 builds upon the OPTLS framework as a basis for the cryptographic core of the handshake protocol, adapting the different modes of OPTLS and its HKDF-based key derivation to the TLS 1.3 context.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
wee @ di ens fr
History
2015-10-12: received
Short URL
https://ia.cr/2015/978
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/978,
      author = {Hugo Krawczyk and Hoeteck Wee},
      title = {The {OPTLS} Protocol and {TLS} 1.3},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/978},
      year = {2015},
      url = {https://eprint.iacr.org/2015/978}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.