
Design And Analysis Of Authenticated Key Exchange Protocols

Posted on: 2011-11-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Shu
GTID: 1118330332477585
Subject: Information security

Abstract/Summary:
Authenticated key agreement protocols are a fundamental research topic in cryptography. They allow two or more parties to establish a secret key securely in the presence of an active adversary; the established key then protects later communication among the parties. Such protocols have two important requirements: efficiency and security. Efficiency is measured by the computational overhead and the communication overhead of executing the protocol. In modern cryptography, one way to ensure the security of a protocol is provable security. A provable-security treatment consists of a security model that specifies the capabilities and the goals of an adversary against the protocol, one or more cryptographic assumptions, and a reduction showing that breaking the protocol within the security model leads to breaking the assumptions. Efficiency and provable security are often hard to achieve simultaneously: designing an efficient protocol in a strict security model with a tight reduction is challenging. This dissertation studies provably secure authenticated key agreement protocols in depth and compares the available approaches. The main contributions are as follows:

1. The security of a recently proposed password-based two-party authenticated key exchange protocol is analyzed. Although it is provably secure in the standard model, it is vulnerable to reflection attacks. A modified scheme is proposed that eliminates the defect of the original scheme and improves the efficiency of the protocol. The security of the proposed scheme is proven in the standard model under the DDH assumption. Results show that it provides perfect forward secrecy.

2. Two identity-based authenticated key exchange protocols over an additive elliptic curve group are proposed, and their security is proved in the extended Canetti-Krawczyk (eCK) model. Protocol I uses the NAXOS trick proposed by LaMacchia, Lauter and Mityagin, which yields a simple and tight security reduction. Protocol II does not use the NAXOS trick and remains secure even if the exponent of an ephemeral public key is leaked. Both proposals achieve strong security and are proved under the random oracle assumption and the Gap Bilinear Diffie-Hellman assumption.

3. Based on the twin Diffie-Hellman problem introduced by Cash, Kiltz and Shoup, two certificateless authenticated two-party key agreement protocols using bilinear pairings are proposed. To construct an effective decision oracle for the twin Diffie-Hellman problem, two generic methods of extracting partial private keys are proposed: the first uses two master keys and one hash function, the second one master key and two hash functions. Each method is then applied to the design of one of the protocols. Compared with other schemes of the same message bandwidth, the proposed protocols are more efficient in computational cost. Their security is proven in the random oracle model without a Gap assumption.

4. A two-round authenticated group key exchange protocol is proposed that requires neither a group leader nor arranging the participants into a logical structure. The scheme is robust: loss of messages from some participants does not prevent the other participants from computing the group key.

5. Two password-based authenticated group key exchange protocols are analyzed, and the results show that an adversary can exploit redundancy in the protocols to attack both schemes. A provably secure password-based constant-round group key exchange protocol is then proposed that is efficient in both computation and communication. It is based on the protocol of Burmester and Desmedt and is provably secure in the random-oracle and ideal-cipher models.
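The Burmester-Desmedt two-round group key agreement that item 5 builds on, simulated over a constructed toy group as an added example (this is not code from the dissertation; the function names are mine). It also exposes the fragility that the robust scheme of item 4 addresses: party i needs every round-2 broadcast except the one from party i-1, so a single lost message leaves some parties unable to derive the key.

```python
import secrets

# Constructed toy group (NOT for real use): safe prime p = 2q + 1 and a
# generator g of its prime-order-q subgroup; real deployments use 2048-bit
# parameters or an elliptic curve group.
P, Q, G = 2039, 1019, 4

def round1(n):
    """Round 1: party i picks random r_i and broadcasts z_i = g^{r_i}."""
    r = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    return r, [pow(G, ri, P) for ri in r]

def round2(r, z):
    """Round 2: party i broadcasts X_i = (z_{i+1} / z_{i-1})^{r_i}."""
    n = len(r)
    return [pow(z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P, r[i], P)
            for i in range(n)]

def group_key(i, r, z, X):
    """Party i derives K = z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} ... X_{i-2}.

    X holds the received round-2 messages, None marking a lost one. Party i
    needs every X_j except X_{i-1}; if any needed message is missing, the key
    cannot be derived (the fragility the robust scheme of item 4 avoids).
    """
    n = len(r)
    k = pow(z[(i - 1) % n], n * r[i], P)
    for j in range(n - 1):
        xj = X[(i + j) % n]
        if xj is None:
            return None
        k = k * pow(xj, n - 1 - j, P) % P
    return k

def expected_key(r):
    """Closed form all parties should reach: g^{r_0 r_1 + r_1 r_2 + ... + r_{n-1} r_0}."""
    n = len(r)
    return pow(G, sum(r[i] * r[(i + 1) % n] for i in range(n)), P)

def run_bd(n):
    """Full session among n parties: returns (per-party keys, expected key)."""
    r, z = round1(n)
    X = round2(r, z)
    return [group_key(i, r, z, X) for i in range(n)], expected_key(r)

if __name__ == "__main__":
    keys, expected = run_bd(5)
    print("all 5 parties agree on the group key:", keys == [expected] * 5)
```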
Keywords/Search Tags: authentication, key agreement, identity-based cryptography, certificateless cryptography, bilinear map, provable security, random oracle model, standard model