Paper 2016/711

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

Hugo Krawczyk

Abstract

We study the question of how to build "compilers" that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one. We present a simple and efficient compiler and characterize the UA protocols that the compiler upgrades to the MA model, showing this to include a large and important class of UA protocols. The question, while natural, has not been studied widely. Our work is motivated in part by the ongoing work on the design of TLS 1.3, specifically the design of the client authentication mechanisms including the challenging case of post-handshake authentication. Our approach supports the analysis of these mechanisms in a general and modular way, in particular aided by the notion of "functional security" that we introduce as a generalization of key exchange models and which may be of independent interest.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
TLSkey exchangeauthentication
Contact author(s)
hugo @ ee technion ac il
History
2016-09-01: revised
2016-07-18: received
See all versions
Short URL
https://ia.cr/2016/711
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/711,
      author = {Hugo Krawczyk},
      title = {A Unilateral-to-Mutual Authentication Compiler for Key Exchange  (with Applications to Client Authentication in TLS 1.3)},
      howpublished = {Cryptology ePrint Archive, Paper 2016/711},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/711}},
      url = {https://eprint.iacr.org/2016/711}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.