A Diffie-Hellman Key Exchange Protocol in the Standard Model

A Diffie-Hellman Key Exchange Protocol Secure in the Standard Model

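  • 정익래 (Korea University, Division of Information Management Engineering)
  • 권정옥 (Korea University, Graduate School of Information Management Engineering)
  • 이동훈 (Korea University, Graduate School of Information Management Engineering)
  • 홍도원 (Electronics and Telecommunications Research Institute, Cryptography Technology Research Team)
  • Published: 2008.12.15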

Abstract

The MQV protocol has been regarded as the most efficient authenticated Diffie-Hellman key exchange protocol, and it has been standardized by many organizations, including the US NSA. At Crypto 2005, Hugo Krawczyk showed that MQV is vulnerable to several attacks and suggested a hashed variant of MQV, called HMQV, which provides the same superb performance as MQV together with provable security in the random oracle model. In this paper we suggest an efficient authenticated Diffie-Hellman key exchange protocol that provides the same functionality and security as HMQV without random oracles. So far, no authenticated Diffie-Hellman protocol has been provably secure without random oracles while efficiently achieving the same level of security goals as HMQV.

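The MQV protocol is regarded as the most efficient Diffie-Hellman key exchange protocol and has been adopted as a standard by many organizations, including the US NSA. At Crypto 2005, Hugo Krawczyk demonstrated weaknesses in MQV and proposed HMQV, a variant of MQV. HMQV requires a computational cost similar to that of MQV while satisfying a variety of security properties, and its security can be proven in the random oracle model. In this paper we propose a Diffie-Hellman key exchange protocol that satisfies the various security properties provided by HMQV without using random oracles. Until now, no Diffie-Hellman key exchange protocol has existed that guarantees the various security properties provided by HMQV without using random oracles.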
