Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels [chapter]

Ran Canetti, Hugo Krawczyk
2001 Lecture Notes in Computer Science  
We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and
more » ... rove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links. We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques. This proceedings version is a condensed high-level outline of the results in this work; for a complete self-contained treatment the reader is referred to [13] .
doi:10.1007/3-540-44987-6_28 fatcat:3dgqlk7rmzh6hgair42kimnwbm