Unified security model of authenticated key exchange with specific adversarial capabilities

Unified security model of authenticated key exchange with specific adversarial capabilities

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

The most widely accepted models in the security proofs of authenticated key exchange protocols are the Canetti–Krawczyk (CK) and extended CK models that admit different adversarial queries with ambiguities and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and establish a more practical oriented security notion. Concerning the security of one-round implicitly authenticated Diffie–Hellman (DH) key exchange protocols, the authors present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, all of adversarial queries are practically interpreted and definitely characterised through physical environment, and some rigorous rules of secret leakage are also specified. To demonstrate usability of their model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in random oracle model under gap DH assumption.


    1. 1)
      • 1. Bellare, M., Rogaway, P.: ‘Entity authentication and key distribution’. Proc. Int. Conf. Cryptology (CRYPTO 1993), 1993, (LNCS, 773), pp. 232249.
    2. 2)
      • 2. Canetti, R., Krawczyk, H.: ‘Analysis of key-exchange protocols and their use for building secure channels’. Proc. Int. Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT 2001), 2001, (LNCS, 2045), pp. 453474.
    3. 3)
      • 3. LaMacchia, B., Lauter, K., Mityagin, A.: ‘Stronger security of authenticated key exchange’. Proc. Int. Conf. Provable Security (ProvSec 2007), 2007, (LNCS, 4784), pp. 116.
    4. 4)
      • 4. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.: ‘A new security model for authenticated key agreement’. Proc. Int. Conf. Security and Cryptography for Networks (SCN 2010), 2010, (LNCS, 6280), pp. 219234.
    5. 5)
      • 5. Cremers, C.J.F.: ‘Session-state reveal is stronger than ephemeral key reveal: attacking the NAXOS key exchange protocol’. Proc. Int. Conf. Applied Cryptography and Network Security (ACNS 2009), 2009, (LNCS, 5536), pp. 2033.
    6. 6)
      • 6. Cremers, C.J.F.: ‘Formally and practically relating the CK, CK-HMQV, and eCK security models for authenticated key exchange’, IACR Cryptology ePrint Archiveb, Report 2009/253, 2009.
    7. 7)
      • 7. Ustaoglu, B.: ‘Comparing SessionStateReveal and EphemeralKeyReveal for Diffie–Hellman protocols’. Proc. Int. Conf. Provable Security (ProvSec 2009), 2009 (LNCS, 5848), pp. 183197.
    8. 8)
    9. 9)
      • 9. Okamoto, T.: ‘Authenticated key exchange and key encapsulation in the standard model’. Proc. Int. Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT 2007), 2007 (LNCS, 4833), pp. 474484.
    10. 10)
      • 10. Yao, A.C., Zhao, Y.: ‘OAKE: a new family of implicitly authenticated Diffie–Hellman protocols’. Proc. ACM Conf. Computer and Communications Security (CCS 2013), pp. 11131128.
    11. 11)
      • 11. Krawczyk, H.: ‘HMQV: a high-performance secure Diffie–Hellman protocol’. Proc. Int. Conf. Cryptology (CRYPTO 2005), 2005 (LNCS, 3621), pp. 546566.
    12. 12)
      • 12. Cremers, C.J.F., Feltz, M.: ‘Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal’. European Symp. on Research in Computer Security (ESORICS 2012), 2012, (LNCS, 7459), pp. 734751.
    13. 13)
      • 13. Yoneyama, K., Zhao, Y.: ‘Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage’. Proc. Int. Conf. Provable Security (ProvSec 2011), 2011, (LNCS, 6980), pp. 348365.
    14. 14)
      • 14. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.: ‘A secure and efficient authenticated Diffie–Hellman protocol’. Proc. European Workshop on Public key Infrastructures, Services and Applications (EuroPKI 2010), 2010, (LNCS, 6391), pp. 8398.
    15. 15)
      • 15. Yao, A.C., Zhao, Y.: ‘A new family of practical non-malleable protocols’. IACR Cryptology ePrint Archive, Report 2011/035, 2011.
    16. 16)
      • 16. Fujioka, A., Suzuki, K., Xagawa, K., et al: ‘Strongly secure authenticated key exchange from factoring, codes, and lattices’. Proc. Int. Conf. Practice and Theory in Public-Key Cryptography (PKC 2012), 2012, (LNCS, 7293), pp. 467484.
    17. 17)
      • 17. Sarr, A.P., Elbaz-Vincent, P.: ‘A complementary analysis of the (s)YZ and DIKE protocols’. Proc. Int. Conf. Cryptology (AFRICACRYPT 2012), 2012, (LNCS, 7374), pp. 203220.
    18. 18)
      • 18. Bellare, M., Brakerski, Z., Naor, M., et al: ‘Hedged public-key encryption: how to protect against bad randomness’. IACR Cryptology ePrint Archive, Report 2012/220, 2012.
    19. 19)
      • 19. Benoît, O., Peyrin, T.: ‘Side-channel analysis of six SHA-3 candidates’. Proc. Int. Conf. Cryptographic Hardware and Embedded Systems (CHES 2010), 2010, (LNCS, 6225), pp. 140157.
    20. 20)
    21. 21)
      • 21. Cremers, C.J.F., Feltz, M.: ‘One-round strongly secure key exchange with perfect forward secrecy and deniability’. IACR Cryptology ePrint Archive, Report 2011/300, 2011.
    22. 22)
      • 22. Moriyama, D., Okamoto, T.: ‘An eCK-secure authenticated key exchange protocol without random oracles’. Proc. Int. Conf. Provable Security (ProvSec 2009), 2009, (LNCS, 5848), pp. 154167.
    23. 23)
      • 23. Okamoto, T., Pointcheval, D.: ‘The gap-problems: a new class of problems for the security of cryptographic schemes’. Proc. Int. Conf. Practice and Theory in Public-Key Cryptography (PKC 2001), 2001, (LNCS, 1992), pp. 104118.
    24. 24)
      • 24. Boyd, C., Cliff, Y., Nieto, J.G., et al: ‘Efficient one-round key exchange in the standard model’. ‘mtInformation Security and Privacy’|, 2008, (LNCS, 5107), pp. 6983.
    25. 25)
      • 25. Cremers, C.: ‘Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK’. Proc. Sixth ACM Symp. on Information, Computer and Communications Security, (ASIACCS 2011), pp. 8091.
    26. 26)
      • 26. Blum, M., Feldman, P., Micali, S.: ‘Non-interactive zero-knowledge and its applications’. ACM Symp. on Theory of Computing (STOC 1988), pp. 103112.
    27. 27)

Related content

This is a required field
Please enter a valid email address