
Universally Composable Notions of Key Exchange and Secure Channels

Published: 02 May 2002

Abstract

Recently, Canetti and Krawczyk (Eurocrypt'2001) formulated a notion of security for key-exchange (ke) protocols, called SK-security, and showed that this notion suffices for constructing secure channels. However, their model and proofs do not suffice for proving more general composability properties of SK-secure ke protocols.

We show that while the notion of SK-security is strictly weaker than a fully-idealized notion of key-exchange security, it is sufficiently robust to provide secure composition with arbitrary protocols. In particular, SK-security guarantees the security of the key for any application that desires to set up secret keys between pairs of parties. We also provide new definitions of secure-channels protocols with similarly strong composability properties, and show that SK-security suffices for obtaining these definitions.

To obtain these results we use the recently proposed framework of "universally composable (UC) security." We also use a new tool, called "non-information oracles," which will probably find applications beyond the present case. These tools allow us to bridge between seemingly limited indistinguishability-based definitions such as SK-security and more powerful, simulation-based definitions such as UC security, where general composition theorems can be proven. Furthermore, based on such composition theorems we reduce the analysis of a full-fledged multi-session key-exchange protocol to the (simpler) analysis of individual, stand-alone key-exchange sessions.

References

[1] D. Beaver, "Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority", J. Cryptology (1991) 4: 75-122.
[2] M. Bellare, R. Canetti and H. Krawczyk, "A modular approach to the design and analysis of authentication and key-exchange protocols", 30th STOC, 1998.
[3] M. Bellare and P. Rogaway, "Entity authentication and key distribution", Advances in Cryptology - CRYPTO'93, Lecture Notes in Computer Science Vol. 773, D. Stinson ed., Springer-Verlag, 1994, pp. 232-249.
[4] M. Bellare and P. Rogaway, "Provably secure session key distribution - the three party case", Annual Symposium on the Theory of Computing (STOC), 1995.
[5] R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, "Systematic design of two-party authentication protocols", IEEE Journal on Selected Areas in Communications (special issue on Secure Communications), 11(5):679-693, June 1993. (Preliminary version: Crypto'91.)
[6] S. Blake-Wilson, D. Johnson and A. Menezes, "Key exchange protocols and their security analysis", Proceedings of the sixth IMA International Conference on Cryptography and Coding, 1997.
[7] R. Canetti, "Security and Composition of Multiparty Cryptographic Protocols", Journal of Cryptology, Winter 2000. On-line version at http://philby.ucsd.edu/cryptolib/1998/98-18.html.
[8] R. Canetti, "Universally Composable Security: A New Paradigm for Cryptographic Protocols", 42nd FOCS, 2001. Full version available at http://eprint.iacr.org/2000/067.
[9] R. Canetti and H. Krawczyk, "Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels", Eurocrypt 01, 2001. Full version at http://eprint.iacr.org/2001.
[10] R. Canetti and H. Krawczyk, "Universally Composable Notions of Key Exchange and Secure Channels", IACR's Eprint archive, http://eprint.iacr.org/2002.
[11] R. Canetti and T. Rabin, "Universal Composition with Joint State", available on the Eprint archive, eprint.iacr.org/2002, 2002.
[12] W. Diffie and M. Hellman, "New directions in cryptography", IEEE Trans. Info. Theory IT-22, November 1976, pp. 644-654.
[13] W. Diffie, P. van Oorschot and M. Wiener, "Authentication and authenticated key exchanges", Designs, Codes and Cryptography, 2, 1992, pp. 107-125.
[14] Y. Dodis and S. Micali, "Secure Computation", CRYPTO '00, 2000.
[15] U. Feige and A. Shamir, "Witness Indistinguishability and Witness Hiding Protocols", 22nd STOC, pages 416-426, 1990.
[16] O. Goldreich, "Foundations of Cryptography", Cambridge University Press, 2001. Prelim. version available at http://philby.ucsd.edu/cryptolib.html.
[17] S. Goldwasser and L. Levin, "Fair Computation of General Functions in Presence of Immoral Majority", CRYPTO '90, LNCS 537, Springer-Verlag, 1990.
[18] S. Goldwasser and S. Micali, "Probabilistic encryption", JCSS, Vol. 28, No. 2, April 1984, pp. 270-299.
[19] S. Goldwasser, S. Micali and C. Rackoff, "The Knowledge Complexity of Interactive Proof Systems", SIAM Journal on Comput., Vol. 18, No. 1, 1989, pp. 186-208.
[20] S. Goldwasser, S. Micali and R.L. Rivest, "A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks", SIAM J. Comput., April 1988, pages 281-308.
[21] A. Menezes, P. van Oorschot and S. Vanstone, "Handbook of Applied Cryptography", CRC Press, 1996.
[22] S. Micali and P. Rogaway, "Secure Computation", unpublished manuscript, 1992. Preliminary version in CRYPTO 91.
[23] B. Pfitzmann, M. Schunter and M. Waidner, "Provably Secure Certified Mail", IBM Research Report RZ 3207 (#93253), IBM Research, Zurich, August 2000.
[24] V. Shoup, "On Formal Models for Secure Key Exchange", Theory of Cryptography Library, 1999. Available at: http://philby.ucsd.edu/cryptolib/1999/99-12.html.

Published In

EUROCRYPT '02: Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
May 2002
545 pages
ISBN:3540435530

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

  1. composition of protocols
  2. cryptographic protocols
  3. key exchange
  4. proofs of security

Cited By

  • (2017) A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation. Journal of Cryptology 30(1):58-151. doi:10.1007/s00145-015-9214-4. Online publication date: 1-Jan-2017.
  • (2016) A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3). Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1438-1450. doi:10.1145/2976749.2978325. Online publication date: 24-Oct-2016.
  • (2016) On the analysis of time-aware protocols in universal composability framework. International Journal of Information Security 15(4):403-412. doi:10.1007/s10207-015-0300-2. Online publication date: 1-Aug-2016.
  • (2016) Structure-Preserving Smooth Projective Hashing. Proceedings, Part II, of the 22nd International Conference on Advances in Cryptology - ASIACRYPT 2016, Volume 10032, pp. 339-369. doi:10.1007/978-3-662-53890-6_12. Online publication date: 4-Dec-2016.
  • (2016) Universally Composable Authentication and Key-Exchange with Global PKI. Proceedings, Part II, of the 19th IACR International Conference on Public-Key Cryptography - PKC 2016, Volume 9615, pp. 265-296. doi:10.1007/978-3-662-49387-8_11. Online publication date: 6-Mar-2016.
  • (2015) De-Constructing TLS 1.3. Proceedings of the 16th International Conference on Progress in Cryptology - INDOCRYPT 2015, Volume 9462, pp. 85-102. doi:10.1007/978-3-319-26617-6_5. Online publication date: 6-Dec-2015.
  • (2013) A UC-Secure Authenticated Contributory Group Key Exchange Protocol Based on Discrete Logarithm. Proceedings of the 9th International Conference on Information Systems Security, Volume 8303, pp. 390-401. doi:10.1007/978-3-642-45204-8_29. Online publication date: 16-Dec-2013.
  • (2013) Constructing Confidential Channels from Authenticated Channels - Public-Key Encryption Revisited. Part I of the Proceedings of the 19th International Conference on Advances in Cryptology - ASIACRYPT 2013, Volume 8269, pp. 134-153. doi:10.1007/978-3-642-42033-7_8. Online publication date: 1-Dec-2013.
  • (2013) SPHF-Friendly Non-interactive Commitments. Part I of the Proceedings of the 19th International Conference on Advances in Cryptology - ASIACRYPT 2013, Volume 8269, pp. 214-234. doi:10.1007/978-3-642-42033-7_12. Online publication date: 1-Dec-2013.
  • (2013) Universally composable synchronous computation. Proceedings of the 10th Theory of Cryptography Conference, pp. 477-498. doi:10.1007/978-3-642-36594-2_27. Online publication date: 3-Mar-2013.