International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Stronger Security of Authenticated Key Exchange

Brian LaMacchia
Kristin E. Lauter
Anton Mityagin
Search ePrint
Search Google
Abstract: In this paper we study security definitions for authenticated key exchange (AKE) protocols. We observe that there are several families of attacks on AKE protocols that lie outside the boundary of the current class of security definitions. In an attempt to bring these attacks within the scope of analysis we extend the AKE security definition to provide greater powers to the adversary. We provide a general framework for defining AKE security, which we call strong AKE security, such that existing security definitions occur as instances of the framework. We then introduce NAXOS, a new two-pass AKE protocol, and prove that it is secure in this stronger definition. In addition, we formulate a notion of ephemeral secret key which captures all ephemeral information used in session establishment. We demonstrate the importance of this formulation by showing that a secure AKE protocol SIG-DH can become vulnerable when instantiated with signature schemes which are insecure against revelation of the secret random bits used in the signature generation.
  title={Stronger Security of Authenticated Key Exchange},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / authenticated key exchange; protocols; attacks},
  note={ 13239 received 23 Feb 2006, last revised 31 Mar 2006},
  author={Brian LaMacchia and Kristin E. Lauter and Anton Mityagin},