Sciweavers

Share
CCS
2008
ACM

Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard

12 years 1 months ago
Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard
The Unified Model (UM) key agreement protocol is an efficient Diffie-Hellman scheme that has been included in many cryptographic standards, most recently in the NIST SP 80056A standard. The UM protocol is believed to possess all important security attributes including key authentication and secrecy, resistance to unknown key-share attacks, forward secrecy, resistance to known-session key attacks, and resistance to leakage of ephemeral private keys, but is known to succumb to key-compromise impersonation attacks. In this paper we present a strengthening of the Canetti-Krawczyk security definition for key agreement that captures resistance to all important attacks that have been identified in the literature with the exception of key-compromise impersonation attacks. We then present a reductionist security proof that the UM protocol satisfies this new definition in the random oracle model under the Gap Diffie-Hellman assumption. Categories and Subject Descriptors E.3 [Data Encryption]: P...
Alfred Menezes, Berkant Ustaoglu
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Alfred Menezes, Berkant Ustaoglu
Comments (0)
books