A Generic Variant of NIST's KAS2 Key Agreement Protocol

13 years 3 months ago

Download www.cacr.math.uwaterloo.ca

We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use diﬀerent groups (e.g., diﬀerent elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modiﬁcation of the extended Canetti-Krawczyk security model.

Sanjit Chatterjee, Alfred Menezes, Berkant Ustaogl

Real-time Traffic

ACISP 2011 | Discrete Log | Elliptic Curves | Generic Protocol | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	23 Aug 2011
Updated	23 Aug 2011
Type	Journal
Year	2011
Where	ACISP
Authors	Sanjit Chatterjee, Alfred Menezes, Berkant Ustaoglu

Comments (0)

Sciweavers

A Generic Variant of NIST's KAS2 Key Agreement Protocol

ACISP 2011 | Discrete Log | Elliptic Curves | Generic Protocol | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers