×

A generic variant of NIST’S KAS2 key agreement protocol. (English) Zbl 1279.94062

Parampalli, Udaya (ed.) et al., Information security and privacy. 16th Australasian conference, ACISP 2011, Melbourne, Australia, July 11–13, 2011. Proceedings. Berlin: Springer (ISBN 978-3-642-22496-6/pbk). Lecture Notes in Computer Science 6812, 353-370 (2011).
Summary: We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.
For the entire collection see [Zbl 1217.94003].

MSC:

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
68P25 Data encryption (aspects in computer science)

Software:

NAXOS
Full Text: DOI