Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented."— Presentation transcript:

1 1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented by Bin-Cheng Tzeng 2002/10/01

2 2 Outlines  Introduction  Digital signature schemes for Diffie- Hellman public keys  Key agreement protocols  Possible attacks  Proposed protocol  Conclusions

3 3 Introduction  Diffie and Hellman proposed in 1976 the public-key distribution scheme  The scheme requires an authentication channel to exchange the public keys  Use digital signatures of the exchanged public keys to provide authentication

4 4 Introduction  The security assumption for most signature schemes are based on some well-known computational problems  The security of a one-way hash function is based on the complexity of analysing a simple iterated function  It would be more secure to have a key distribution without using one-way hash functions

5 5 Introduction  The MQV key agreement protocol proposed in 1995  In 1998, authors published a key agreement protocol  Some attacks on this key agreement protocol were found  The attacks can easily be avoided by modifying the signature signing equation

6 6 Digital signature schemes for Diffie-Hellman public keys  r =  k mod p  k and r : short-term private key and short- term public key  x : long-term private key  y =  x mod p : long-term public key

7 7 Key agreement protocols  A sends {r A, s A, cert(y A )} to B  B sends {r B, s B, cert(y B )} to A  A verifies r B and computes the shared secret key  B verifies r A and computes the shared secret key

8 8 Possible attack  Does not offer perfect forward secrecy  Assume that the protocol uses x = rk + s  is the long-term shared secret key

9 9 Proposed protocol  Enables A and B to share multiple secret keys in one round of message exchange  To share four secrets : A generates two random short-term secret keys, k A1 and k A2,public keys r A1, r A2 signature s A for {r A1, r A2 } for example :

10 10 Proposed protocol(cont.)  A sends {r A1, r A2, s A, cert(y A )} to B  B does the same things  A verifies {r B1, r B2 }  A computes the shared secret keys as

11 11 Proposed protocol(cont.)  B verifies {r A1, r A2 } and computes the shared secret keys as

12 12 Discussion  Have modified the original protocol in signature signing and verification equations  The attacks on the original protocol cannot work successfully in this modified protocol  This modified protocol does not increase any computational load and does not involve any additional one-way hash function

13 13 Discussion(cont.)  Multiplying these two equations together

14 14 Discussion(cont.)  If the adversary knows four consecutive shared secret keys, he can solve the long-term shared secret K AB  To achieve the perfect forward secrecy, limit ourselves to use only three out of the four shared secret keys  The protocol can be generalised to enable A and B to share n 2 -1 secrets if each user sends n Diffie- Hellman public keys in each pass

15 15 Conclusions  The security assumption relies solely on solving the discrete logarithm problem  This protocol allows two parties to share multiple secret keys in two-pass interaction  The computation for shared secret keys is simpler than the MQV protocol

Download ppt "1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google