Paper 2019/1203

Authentication in Key-Exchange: Definitions, Relations and Composition

Cyprien Delpech de Saint Guilhem, Marc Fischlin, and Bogdan Warinschi

Abstract

We present a systematic approach to define and study authentication notions in authenticated key-exchange protocols. We propose and use a flexible and expressive predicate-based definitional framework. Our definitions capture key and entity authentication, in both implicit and explicit variants, as well as key and entity confirmation, for authenticated key-exchange protocols. In particular, we capture critical notions in the authentication space such as key-compromise impersonation resistance and security against unknown key-share attacks. We first present and explore these definitions within the Bellare-Rogaway model and then extend them to Canetti-Krawczyk-style models. We then show two useful applications of our framework. First, we look at the authentication guarantees of three representative protocols to draw several useful lessons for protocol design. The core technical contribution of this paper is then to formally establish that composition of secure implicitly authenticated key-exchange with subsequent confirmation protocols yields explicit authentication guarantees. Without a formal separation of implicit and explicit authentication from secrecy, a proof of this folklore result could not have been established.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Major revision.2020 IEEE 33rd Computer Security Foundations Symposium, CSF 2020
DOI
10.1109/CSF49147.2020.00028
Keywords
key-exchangeauthenticationcomposition
Contact author(s)
cyprien delpechdesaintguilhem @ kuleuven be
marc fischlin @ cryptoplexity de
bogdan @ cs bris ac uk
History
2021-01-29: revised
2019-10-15: received
See all versions
Short URL
https://ia.cr/2019/1203
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1203,
      author = {Cyprien Delpech de Saint Guilhem and Marc Fischlin and Bogdan Warinschi},
      title = {Authentication in Key-Exchange: Definitions, Relations and Composition},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1203},
      year = {2019},
      doi = {10.1109/CSF49147.2020.00028},
      note = {\url{https://eprint.iacr.org/2019/1203}},
      url = {https://eprint.iacr.org/2019/1203}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.