Sciweavers

ACISP
2011
Springer

A Generic Variant of NIST's KAS2 Key Agreement Protocol

13 years 4 months ago
A Generic Variant of NIST's KAS2 Key Agreement Protocol
We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.
Sanjit Chatterjee, Alfred Menezes, Berkant Ustaogl
Added 23 Aug 2011
Updated 23 Aug 2011
Type Journal
Year 2011
Where ACISP
Authors Sanjit Chatterjee, Alfred Menezes, Berkant Ustaoglu
Comments (0)