SAS-based Authenticated Key Agreement

Key agreement protocols are frequently based on the Diffie-Hellman protocol but require authenticating the protocol messages in two ways. This can be made by a cross-authentication protocol. Such protocols, based on the assumption that a channel which can authenticate short strings is available (SAS-based), have been proposed by Vaudenay. In this paper, we survey existing protocols and we propose a new one. Our proposed protocol requires three moves and a single SAS to be authenticated in two ways. It is provably secure in the random oracle model. We can further achieve security with a generic construction (e.g. in the standard model) at the price of an extra move. We discuss applications such as secure peer-to-peer VoIP


Published in:
The 9th International Conference on Theory and Practice of Public Key Cryptography - PKC '06, 3958, 395 - 409
Presented at:
The 9th International Conference on Theory and Practice of Public Key Cryptography - PKC '06, New-York, NY, U.S.A., April 24-26, 2006
Year:
2006
Publisher:
Springer
Keywords:
Other identifiers:
Laboratories:




 Record created 2007-01-18, last modified 2018-03-17

n/a:
Download fulltextPDF
External link:
Download fulltextURL
Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)