Filters








4 Hits in 2.8 sec

Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols [chapter]

Berkant Ustaoglu
2009 Lecture Notes in Computer Science  
Lastly, for Diffie-Hellman protocols we argue that it is important to consider security when discrete logarithm values of the outgoing ephemeral public keys are leaked and offer a method to achieve security  ...  On the other hand, it is not obvious how EphemeralKeyReveal compares to SessionStateReveal. Thus it is natural to ask which model is more useful and practically relevant.  ...  Comparison with other protocols In Table 1 , which compares UP with Diffie-Hellman type protocols, KEA1 abbreviates "knowledge of exponent assumption" [2] ; CDH -the computational Diffie-Hellman problem  ... 
doi:10.1007/978-3-642-04642-1_16 fatcat:o5fadgsmezbm5ehtdaofpwmnx4

Comparing the pre- and post-specified peer models for key agreement

Alfred Menezes, Berkant Ustaoglu
2009 International Journal of Applied Cryptography  
In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre-and post-specified peer models.  ...  We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre-and post-specified peer models.  ...  We consider Diffie-Hellman type protocols where the two communicating parties exchange static (long-term) and ephemeral (one-time) public keys.  ... 
doi:10.1504/ijact.2009.023472 fatcat:rfx3uszmpja4demogh2z3nvvcy

Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Berkant Ustaoglu
2007 Designs, Codes and Cryptography  
Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol.  ...  LaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement strengthening the well-known Canetti-Krawczyk definition.  ...  For simplicity, we will only describe the model for twopass Diffie-Hellman protocols that exchange ephemeral and static public keys -this is without loss of generality as all the protocols in Table 1  ... 
doi:10.1007/s10623-007-9159-1 fatcat:jbydlss54baw7bjeribhkgmwii

Comparing the Pre- and Post-specified Peer Models for Key Agreement [chapter]

Alfred Menezes, Berkant Ustaoglu
Lecture Notes in Computer Science  
In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre-and post-specified peer models.  ...  We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre-and post-specified peer models.  ...  We consider Diffie-Hellman type protocols where the two communicating parties exchange static (long-term) and ephemeral (one-time) public keys.  ... 
doi:10.1007/978-3-540-70500-0_5 fatcat:4ulwccjgxzfjfivgvm7lglctl4