The MQV protocol of Law, Menezes, Qu, Solinas and Vanstone is possibly the most efficient of all known authenticated Diffie-Hellman protocols that use public-key authentication. In addition to great performance, the protocol has been designed to achieve a remarkable list of security properties. As a result, MQV has been widely standardized and has recently been chosen by the NSA as the key exchange mechanism underlying “the next generation cryptography to protect US government information”. One question that has not been settled so far is whether the protocol can be proven secure in a rigorous model of key-exchange security. In order to provide an answer to this question, we analyze the MQV protocol in the Canetti-Krawczyk model of key exchange. Unfortunately, we show that MQV is vulnerable to a variety of attacks in this model that invalidate its basic security as well as many of its stated security goals. On the basis of these findings, we present HMQV, a carefully designed variant of MQV that provides the same superb performance and functionality as the original protocol, but for which all of MQV’s security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption. We base the design and proof of HMQV on a new form of “challenge-response signatures”, derived from the Schnorr identification scheme, that have the property that both the challenger and the signer can compute the same signature: the former by having chosen the challenge, the latter by knowing the private signature key.
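The challenge-response signature and the HMQV key derivation that the abstract describes, as an added Python example that is not part of the paper or of this zbMATH record. The exponent forms follow the HMQV paper (signature Y^(x + e·a), session value (Y·B^e)^(x + d·a)); the 10-bit group, the SHA-256-based hash standing in for the paper's half-length hash, and the party names and exponents are constructed assumptions for illustration only.

```python
import hashlib

# Toy group, constructed for this example only: safe prime P = 2Q + 1 with
# G generating the order-Q subgroup. A deployment uses a standardized large
# prime-order group; these 10-bit parameters give no security at all.
P, Q, G = 1019, 509, 4

def h_bar(*parts) -> int:
    """Hash to an exponent in Z_Q. HMQV specifies a half-length hash (H-bar in
    the paper); SHA-256 reduced mod Q stands in for it here (assumption)."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def in_subgroup(el: int) -> bool:
    """Small-subgroup check: accept only elements of the order-Q subgroup."""
    return 1 < el < P and pow(el, Q, P) == 1

def xcr_sign(a: int, x: int, Y: int, msg: str):
    """Signer with private key a answers challenge Y = G^y on msg with
    X = G^x and sigma = Y^(x + e*a), where e = H-bar(X, msg)."""
    if not in_subgroup(Y):
        raise ValueError("invalid challenge")
    X = pow(G, x, P)
    return X, pow(Y, (x + h_bar(X, msg) * a) % Q, P)

def xcr_verify(A: int, y: int, X: int, msg: str, sigma: int) -> bool:
    """The challenger recomputes sigma from its own exponent y, without the
    signing key: (X * A^e)^y = G^(y(x + e*a)) = Y^(x + e*a)."""
    expected = pow(X * pow(A, h_bar(X, msg), P) % P, y, P)
    return in_subgroup(X) and expected == sigma

def hmqv_key(my_priv, my_eph, my_id, peer_pub, peer_eph, peer_id) -> bytes:
    """One side of HMQV (two interleaved XCR signatures): with d = H-bar(X, B)
    and e = H-bar(Y, A), Alice computes (Y * B^e)^(x + d*a) and Bob computes
    (X * A^d)^(y + e*b); both equal G^((x + d*a)(y + e*b)), hashed into K."""
    if not in_subgroup(peer_eph):
        raise ValueError("invalid ephemeral public key")
    my_coeff = h_bar(pow(G, my_eph, P), peer_id)    # d for Alice, e for Bob
    peer_coeff = h_bar(peer_eph, my_id)             # e for Alice, d for Bob
    base = peer_eph * pow(peer_pub, peer_coeff, P) % P
    sigma = pow(base, (my_eph + my_coeff * my_priv) % Q, P)
    return hashlib.sha256(str(sigma).encode()).digest()

def run_exchange(a=123, x=77, b=456, y=301):
    """Alice (a, x) and Bob (b, y) each derive the session key from the other
    side's public values only; the two results must match."""
    A, B, X, Y = (pow(G, k, P) for k in (a, b, x, y))
    k_alice = hmqv_key(a, x, "Alice", B, Y, "Bob")
    k_bob = hmqv_key(b, y, "Bob", A, X, "Alice")
    return k_alice, k_bob
```

The subgroup checks on received ephemeral values are the defensive step a real implementation must not skip; the identities hashed into d and e are what bind each session key to the intended peer.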

References in zbMATH (referenced in 80 articles, 1 standard article)


  1. Fan, Xuejun; Xu, Xiu; Li, Bao: Group key exchange protocols from supersingular isogenies (2021)
  2. Cohn-Gordon, Katriel; Cremers, Cas; Dowling, Benjamin; Garratt, Luke; Stebila, Douglas: A formal security analysis of the Signal messaging protocol (2020)
  3. Feltz, Michèle; Cremers, Cas: Strengthening the security of authenticated key exchange against bad randomness (2018)
  4. Brzuska, Chris; Jacobsen, Håkon: A modular security analysis of EAP and IEEE 802.11 (2017)
  5. Ding, Jintai; Alsayigh, Saed; Lancrenon, Jean; RV, Saraswathy; Snook, Michael: Provably secure password authenticated key exchange based on RLWE for the post-quantum world (2017)
  6. Günther, Felix; Hale, Britta; Jager, Tibor; Lauer, Sebastian: 0-RTT key exchange with full forward secrecy (2017)
  7. Jager, Tibor; Kohlar, Florian; Schäge, Sven; Schwenk, Jörg: Authenticated confidential channel establishment and the security of TLS-DHE (2017)
  8. Tian, Yangguang; Yang, Guomin; Mu, Yi; Zhang, Shiwei; Liang, Kaitai; Yu, Yong: One-round attribute-based key exchange in the multi-party setting (2017)
  9. Zhou, Limin; Lv, Fengju: A simple provably secure AKE from the LWE problem (2017)
  10. Alekseev, E. K.; Oshkin, I. B.; Popov, V. O.; Smyshlyaev, S. V.: On the cryptographic properties of algorithms accompanying the applications of standards GOST R 34.11-2012 and GOST R 34.10-2012 (2016)
  11. Coron, Jean-Sébastien: Security analysis of the modular enhanced symmetric role authentication (mERA) protocol (2016)
  12. del Pino, Rafael; Lyubashevsky, Vadim; Pointcheval, David: The whole is less than the sum of its parts: constructing more efficient lattice-based AKEs (2016)
  13. Kılınç, Handan; Vaudenay, Serge: Efficient public-key distance bounding protocol (2016)
  14. Tian, Yangguang; Yang, Guomin; Mu, Yi; Liang, Kaitai; Yu, Yong: One-round attribute-based key exchange in the multi-party setting (2016)
  15. Yang, Zheng; Li, Shuangqing: On security analysis of an after-the-fact leakage resilient key exchange protocol (2016)
  16. Cremers, Cas; Feltz, Michèle: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal (2015)
  17. Dousti, Mohammad Sadeq; Jalili, Rasool: FORSAKES: a forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes (2015)
  18. Fujioka, Atsushi; Suzuki, Koutarou; Xagawa, Keita; Yoneyama, Kazuki: Strongly secure authenticated key exchange from factoring, codes, and lattices (2015)
  19. Hamburg, Mike: Decaf: eliminating cofactors through point compression (2015)
  20. Wang, Ding; Wang, Nan; Wang, Ping; Qing, Sihan: Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity (2015)