Abstract
Joux’s protocol [29] is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol. But it is insecure, suffering from a simple man-in-the-middle attack. This paper shows how to make Joux’s protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communication and no signature computations. A pass-optimal authenticated and key confirmed tripartite protocol that generalises the station-to-station protocol is also presented. The security properties of the new protocols are studied using provable security methods and heuristic approaches. Applications for the protocols are also discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Al-Riyami, S.S., Paterson, K.G.: Authenticated three party key agreement protocols from pairings. Cryptology ePrint Archive, Report 2002/035 (2002), http://eprint.iacr.org/
American National Standards Institute - ANSI X9.42. Public key cryptography for the financial services industry: Agreement of symmetric keys using discrete logarithm cryptography (2001)
American National Standards Institute - ANSI X9.63. Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography (2001)
Ankney, R., Johnson, D., Matyas, M.: The Unified Model - contribution to X9F1 (October 1995)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellare, M., Rogaway, P.: Provably secure session key distribution: The three party case. In: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing STOC, pp. 57–66. ACM, New York (1995)
Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)
Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key agreement protocols. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 339–361. Springer, Heidelberg (1999)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. SIAM J. Computing 32(3), 586–615 (2003), full version of [11] http://www.crypto.stanford.edu/~dabo/abstracts/ibe.html
Boyd, C.: Towards extensional goals in authentication protocols. In: Proceedings of the 1997 DIMACS Workshop on Design and Formal Verification of Security Protocols (1997), http://www.citeseer.nj.nec.com/boyd97towards.html/
Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic group Diffie-Hellman key exchange under standard assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002)
Burmester, M.: On the risk of opening distributed keys. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 308–317. Springer, Heidelberg (1994)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)
Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
Diffie, W., van Oorschot, P.C., Wiener, M.: Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2, 107–125 (1992)
Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
Galbraith, S.D., Hopkins, H.J., Shparlinski, I.E.: Secure Bilinear Diffie-Hellman bits. Cryptology ePrint Archive, Report 2002/155 (2002), http://eprint.iacr.org/
Gentry, C., Silverberg, A.: Heirarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)
Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)
Hoffman, P.: Features of proposed successors to IKE. Internet Draft, draft-ietf-ipsec-soi-features-01.txt (2002)
IEEE P1363. Standard specifications for public key cryptography (2000), http://grouper.ieee.org/groups/1363/index.html
ISO/IEC 15946-3. Information technology - security techniques - cryptographic techniques based on elliptic curves - part 3: Key establishment (awaiting publication)
Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)
Kaliski Jr, B.: An unknown key-share attack on the MQV key agreement protocol. ACM Trans. on Information and Systems Security 4(3), 275–288 (2001)
Kim, M., Kim, K.: A new identification scheme based on the bi-linear Diffie-Hellman problem. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 362–378. Springer, Heidelberg (2002)
Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.A.: An efficient protocol for authenticated key agreement. Technical Report CORR 98-05, Department of C & O, University of Waterloo, 1998. To appear in Designs, Codes and Cryptography (1998)
Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.A.: An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 28(2), 119–134 (2003)
Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249–263. Springer, Heidelberg (1997)
Lowe, G.: Some new attacks upon security protocols. In: PCSFW: Proceedings of The 9th Computer Security Foundations Workshop, pp. 162–169. IEEE Computer Society Press, Los Alamitos (1996)
Matsumoto, T., Takashima, Y., Imai, H.: On seeking smart public-key-distribution systems. Trans. IECE of Japan E69, 99–106 (1986)
Menezes, A., Qu, M., Vanstone, S.: Some new key agreement protocols providing mutual implicit authentications. In: 2nd Workshop on Selected Areas in Cryptography (SAC 1995), May 1995, pp. 22–32 (1995)
Menezes, A., van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Mitchell, C., Ward, M., Wilson, P.: Key control in key agreement protocols. Electronics Letters 34, 980–981 (1998)
Paterson, K.G.: ID-based signatures from pairings on elliptic curves. Electronics Letters 38(18), 1025–1026 (2002)
Roscoe, A.: Intensional specifications of security protocols. In: Proceedings 9th IEEE Computer Security Foundations Workshop, pp. 28–38. IEEE Computer Society Press, Los Alamitos (1996)
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: The 2000 Symposium on Cryptography and Information Security, Okinawa, Japan (January 2000)
Shim, K.: Cryptanalysis of Al-Riyami-Paterson’s authenticated three party key agreement protocols. Cryptology ePrint Archive, Report 2003/122 (2003), http://eprint.iacr.org/
Shoup, V.: On formal models for secure key exchange. IBM Technical Report RZ 3120 (1999), http://shoup.net/papers
Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Electronics Letters 38(13), 630–632 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Al-Riyami, S.S., Paterson, K.G. (2003). Tripartite Authenticated Key Agreement Protocols from Pairings. In: Paterson, K.G. (eds) Cryptography and Coding. Cryptography and Coding 2003. Lecture Notes in Computer Science, vol 2898. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40974-8_27
Download citation
DOI: https://doi.org/10.1007/978-3-540-40974-8_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20663-7
Online ISBN: 978-3-540-40974-8
eBook Packages: Springer Book Archive