
2016 | Original Paper | Book chapter

On the Security of the (F)HMQV Protocol

Authors: Augustin P. Sarr, Philippe Elbaz-Vincent

Published in: Progress in Cryptology – AFRICACRYPT 2016

Publisher: Springer International Publishing


Abstract

The HMQV protocol is under consideration for IEEE P1363 standardization. We provide a complementary analysis of the HMQV protocol. Namely, we point out a Key Compromise Impersonation (KCI) attack showing that the two- and three-pass HMQV protocols cannot achieve their security goals. Next, we revisit the FHMQV building blocks, design and security arguments; we clarify the security and efficiency separation between HMQV and FHMQV, showing the advantages of FHMQV over HMQV.


Footnotes

1. This is to date the best sieving algorithm for discrete logarithms over a prime field.

2. It takes a few seconds on an i7-4790K to find such primes.

3. To launch this phase in the two-pass HMQV, the attacker simply has to wait until, for instance, \(\hat{B}\) uses the key to authenticate some value he/she knows.

4. Their abstract starts with “HMQV is one of the most efficient (provably secure) authenticated key–exchange protocols based on public–key cryptography, and is widely standardized.” To date, we are not aware of any standardization body which has already adopted the HMQV protocol.

5. These implementation approaches are not the only possible ones; however, they seem to be common enough in the real world to be considered in the model.

6. There is no dynamic key registration query in the eCK model [19]; the adversary is only allowed to select dishonest parties before starting its game. Dynamic key registration permits the adversary to select the parties it sets as dishonest after having seen their behaviour; this is an advantage for the adversary, and does not affect the comparability between the seCK and the eCK models.

7. Given the work [8], Claim 1 of [21] about the formal incomparability between the \(\text {CK}_\text {FHMQV}\) and the \(\text {CK}_\text {HMQV}\) models is trivial.
 
References

1. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800-57 Recommendation for Key Management - Part 1: General (Revision 3) (see also the draft of Revision 4 at http://tinyurl.com/qdluuqj)
2. Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 390–399. ACM (2006)
3. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
4. Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: ASICS: authenticated key exchange security incorporating certification systems. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 381–399. Springer, Heidelberg (2013)
5. Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: ASICS: authenticated key exchange security incorporating certification systems. Cryptology ePrint Archive: Report 2013/398 (2013)
6. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
7. Chalkias, K., Baldimtsi, F., Hristu-Varsakelis, D., Stephanides, G.: Two types of key-compromise impersonation attacks against one-pass key establishment protocols. In: Filipe, J., Obaidat, M.S. (eds.) E-business and Telecommunications. Communications in Computer and Information Science, vol. 23, pp. 227–238. Springer, Heidelberg (2009)
8. Cremers, C.: Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 80–91. ACM (2011)
9. Cremers, C., Feltz, M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. Des. Codes Crypt. 74(1), 183–218 (2013). Springer
10. Cullinan, J., Hajir, F.: Primes of prescribed congruence class in short intervals. Integers 12, A56 (2012). De Gruyter
11. Ellison, W., Ellison, F.: Prime Numbers. Wiley and Hermann Editions, New York (1985)
12. Gopalakrishnan, K., Thériault, N., Yao, C.Z.: Solving discrete logarithms from partial knowledge of the key. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 224–237. Springer, Heidelberg (2007)
13.
14. Güneysu, T., Pfeiffer, G., Paar, C., Schimmler, M.: Three years of evolution: cryptanalysis with COPACOBANA. In: Workshop Record of Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2009 (2009)
16. Krawczyk, H.: HMQV: a high performance secure Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2005/176 (2005)
18. Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Rupp, A., Schimmler, M.: How to break DES for € 8,980. In: International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2006, Cologne, April 2006
19. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)
20. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Des. Codes Crypt. 28(2), 119–134 (2003). Springer
21. Liu, S., Sakurai, K., Weng, J., Zhang, F., Zhao, Y.: Security model and analysis of FHMQV, revisited. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 255–269. Springer, Heidelberg (2014)
23. Menezes, A.: Another Look at HMQV. Cryptology ePrint Archive: Report 2005/205 (2005)
24. Menezes, A., Ustaoglu, B.: On the importance of public-key validation in the MQV and HMQV key agreement protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 133–147. Springer, Heidelberg (2006)
25. Odlyzko, A.M.: Discrete logarithms in finite fields and their cryptographic significance. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 224–314. Springer, Heidelberg (1985)
26. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A secure and efficient authenticated Diffie-Hellman protocol. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 83–98. Springer, Heidelberg (2010)
27. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A Secure and Efficient Authenticated Diffie-Hellman Protocol. Cryptology ePrint Archive: Report 2009/408 (2009)
28. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A new security model for authenticated key agreement. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 219–234. Springer, Heidelberg (2010)
29.
30.
Metadata

Title: On the Security of the (F)HMQV Protocol
Authors: Augustin P. Sarr, Philippe Elbaz-Vincent
Copyright year: 2016
DOI: https://doi.org/10.1007/978-3-319-31517-1_11
