Welcome to the resource topic for 2002/059
Title:
Universally Composable Notions of Key Exchange and Secure Channels
Authors: Ran Canetti, Hugo Krawczyk
Abstract:Recently, Canetti and Krawczyk (Eurocrypt 2001) formulated a notion of
security for key-exchange (KE) protocols, called SK-security, and
showed that this notion suffices for constructing secure channels.
Their model and proofs, however, do not suffice for proving more general
composability properties of SK-secure KE protocols.
We show that while the notion of SK-security is strictly
weaker than a fully-idealized notion of key exchange security, it
is sufficiently robust for providing secure composition with
arbitrary protocols. In particular, SK-security guarantees the security
of the key for any application that desires to set-up secret keys
between pairs of parties. We also provide new definitions of
secure-channels protocols with similarly strong composability properties,
and show that SK-security suffices for obtaining these definitions.
To obtain these results we use the recently proposed framework of
“universally composable (UC) security.”
We also use a new tool, called “non-information
oracles,” which will probably find applications beyond the present case.
These tools allow us to bridge between seemingly limited
indistinguishability-based definitions such as SK-security and
more powerful, simulation-based definitions, such as UC-security,
where general composition theorems can be proven.
Furthermore, based on such composition theorems we reduce the
analysis of a full-fledged multi-session key-exchange protocol to the
(simpler) analysis of individual, stand-alone,
key-exchange sessions.
ePrint: https://eprint.iacr.org/2002/059
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .