Abstract
This paper surveys recent work on the design and analysis of key agreement protocols whose security rests on the intractability of the Diffie-Hellman problem. The focus is on protocols that have been standardized, or are in the process of being standardized, by organizations such as ANSI, IEEE, ISO/IEC, and NIST. Both the practical and the provable security aspects of these protocols are discussed.
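The abstract's point, that intractability of the Diffie-Hellman problem alone does not give a secure key agreement protocol and that the standardized protocols add authentication on top of it, is easiest to see with a small exchange. The following is an added example, not code from the paper or from any of the standards it surveys: it runs ephemeral Diffie-Hellman in a prime-order subgroup, shows a man-in-the-middle against the unauthenticated exchange, and then shows a MAC-authenticated variant that detects the substitution. The toy group parameters, the identities "A" and "B", and the pre-shared long-term HMAC key (standing in for the long-term keys the surveyed protocols use) are assumptions made for this example.

```python
# Added example (not from the paper): ephemeral Diffie-Hellman in a prime-order
# subgroup, a man-in-the-middle against the unauthenticated exchange, and a
# MAC-authenticated variant that detects the substitution.  The toy-sized group
# and the pre-shared long-term key are assumptions made here for readability;
# this is not any of the standardized protocols the paper surveys.
import hashlib
import hmac
import secrets

# Toy group (assumed): p = 2q + 1 with p, q prime and g of order q.
# Real deployments use a p of at least 2048 bits (e.g. the RFC 3526 groups).
P = 1019
Q = 509
G = 4
ZLEN = (P.bit_length() + 7) // 8


def is_valid_public(y):
    """Reject public values outside [2, p-2] or outside the order-q subgroup.
    Skipping this check is what lets small-subgroup and trivial-key inputs in."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


def keygen(x=None):
    """Ephemeral key pair; x may be supplied for reproducibility."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1          # uniform in [1, q-1]
    return x, pow(G, x, P)


def shared_secret(x, peer_y):
    if not is_valid_public(peer_y):
        raise ValueError("peer public value failed validation")
    return pow(peer_y, x, P)


def derive_key(z, id_a, ya, id_b, yb):
    """Session key = H(z || identities || both ephemeral values).  Binding the
    identities into the key is what blocks 'same key, wrong belief about the
    peer' (unknown key-share) confusions."""
    transcript = f"{id_a}|{ya}|{id_b}|{yb}".encode()
    return hashlib.sha256(z.to_bytes(ZLEN, "big") + transcript).digest()


def mitm_unauthenticated(xa=None, xb=None, xm=None):
    """Unauthenticated exchange with Mallory substituting her own value g^xm
    in both directions.  Returns True if Mallory ends up sharing a key with
    each party while A and B hold different keys."""
    xa, ya = keygen(xa)
    xb, yb = keygen(xb)
    xm, ym = keygen(xm)
    k_a = derive_key(shared_secret(xa, ym), "A", ya, "B", ym)  # A believes ym is B's
    k_b = derive_key(shared_secret(xb, ym), "A", ym, "B", yb)  # B believes ym is A's
    k_m_a = derive_key(shared_secret(xm, ya), "A", ya, "B", ym)
    k_m_b = derive_key(shared_secret(xm, yb), "A", ym, "B", yb)
    return k_a == k_m_a and k_b == k_m_b and k_a != k_b


def authenticator(long_key, sender, receiver, y_sent, y_received):
    """MAC over direction, identities and both ephemeral values, keyed by a
    long-term secret the two parties already share (an assumption standing in
    for the long-term keys of the surveyed protocols)."""
    msg = f"{sender}|{receiver}|{y_sent}|{y_received}".encode()
    return hmac.new(long_key, msg, hashlib.sha256).digest()


def run_authenticated(long_key, tamper=False, xa=None, xb=None, xm=None):
    """Three-flow exchange: A sends ya; B replies with yb and a tag; A sends
    its own tag.  With tamper=True Mallory replaces both ephemeral values by
    g^xm and relays the tags unchanged (she cannot compute tags without
    long_key).  Returns (A accepts, B accepts, keys equal)."""
    xa, ya = keygen(xa)
    xb, yb = keygen(xb)
    _, ym = keygen(xm)
    ya_b = ym if tamper else ya                   # what B actually receives
    yb_a = ym if tamper else yb                   # what A actually receives
    tag_b = authenticator(long_key, "B", "A", yb, ya_b)
    tag_a = authenticator(long_key, "A", "B", ya, yb_a)
    a_ok = hmac.compare_digest(tag_b, authenticator(long_key, "B", "A", yb_a, ya))
    b_ok = hmac.compare_digest(tag_a, authenticator(long_key, "A", "B", ya_b, yb))
    if not (a_ok and b_ok):
        return a_ok, b_ok, False                  # abort before deriving a key
    k_a = derive_key(shared_secret(xa, yb_a), "A", ya, "B", yb_a)
    k_b = derive_key(shared_secret(xb, ya_b), "A", ya_b, "B", yb)
    return a_ok, b_ok, k_a == k_b


if __name__ == "__main__":
    print("MITM succeeds against unauthenticated DH:", mitm_unauthenticated())
    print("honest authenticated run:", run_authenticated(b"k" * 32))
    print("tampered authenticated run:", run_authenticated(b"k" * 32, tamper=True))
```

The subgroup check in `is_valid_public` and the identity binding in `derive_key` are the two details most often dropped from textbook Diffie-Hellman; the surveyed standards require the first and the second is the usual defence against the unknown key-share attacks the paper discusses. Replace the HMAC authenticator with signatures over the same transcript and the structure becomes a signed (station-to-station style) exchange.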
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blake-Wilson, S., Menezes, A. (1999). Authenticated Diffie-Hellman Key Agreement Protocols. In: Tavares, S., Meijer, H. (eds) Selected Areas in Cryptography. SAC 1998. Lecture Notes in Computer Science, vol 1556. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48892-8_26
DOI: https://doi.org/10.1007/3-540-48892-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65894-8
Online ISBN: 978-3-540-48892-7
eBook Packages: Springer Book Archive