Deniable Version of SIGMA Key Exchange Protocol Resilient to Ephemeral Key Leakage

Krzywiecki, Łukasz

doi:10.1007/978-3-319-12475-9_25

Cited by 2 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors of [34] proposed a ring signature based scheme, useful for vehicles key exchange and authentication. Note that they use idea close to one already presented in [2]. However, as it was signaled in [2], the ring signature based authentication makes the schemes vulnerable to KCI and eKCI-adversary knowing the peer long term key can impersonate other parties to that peer.…”

Section: Previous Workmentioning

confidence: 94%

“…Note that they use idea close to one already presented in [2]. However, as it was signaled in [2], the ring signature based authentication makes the schemes vulnerable to KCI and eKCI-adversary knowing the peer long term key can impersonate other parties to that peer. In [35] the lattice based HMQV version for postquantum era was proposed.…”

Section: Previous Workmentioning

confidence: 94%

“…The deniability property for AKE protocols [1,2] guarantees that parties still can mutually verify their identities, but the transcript of the protocol cannot be regarded as a proof that the parties have executed the protocol together. We distinguish the initiator deniability and the responder deniability as the deniability feature can be achieved for each party independently.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Deniable Key Establishment Resistance against eKCI Attacks

Krzywiecki

Wlisłocki

2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

In extended Key Compromise Impersonation (eKCI) attack against authenticated key establishment (AKE) protocols the adversary impersonates one party, having the long term key and the ephemeral key of the other peer party. Such an attack can be mounted against variety of AKE protocols, including 3-pass HMQV. An intuitive countermeasure, based on BLS (Boneh-Lynn-Shacham) signatures, for strengthening HMQV was proposed in literature. The original HMQV protocol fulfills the deniability property: a party can deny its participation in the protocol execution, as the peer party can create a fake protocol transcript indistinguishable from the real one. Unfortunately, the modified BLS based version of HMQV is not deniable. In this paper we propose a method for converting HMQV (and similar AKE protocols) into a protocol resistant to eKCI attacks but without losing the original deniability property. For that purpose, instead of the undeniable BLS, we use a modification of Schnorr authentication protocol, which is deniable and immune to ephemeral key leakages.

show abstract

Section: Previous Workmentioning

confidence: 94%