Integrating identity-based and certificate-based authenticated key exchange protocols

Berkant Ustaoğlu
2011 International Journal of Information Security  
Key establishment is becoming a widely deployed cryptographic primitive. As such, there has been extensive research on designing algorithms that produce shared secret keys. These protocols require parties to either hold certificates or rely on identity (ID)-based primitives to achieve authentication. Chain and cross certifications allow users trusting different certification authorities to interact. Similarly, there are methods to extend ID-based solutions across multiple key generation centers (KGC). However, there has been no dedicated work on interoperability between the two settings. A straightforward solution would require each user to maintain certificates and ID-based static keys to accommodate all peers. The cost of maintaining many secret keys, matching keys with protocols, and preventing undesired interference would arguably make such a solution impractical. In this work, we offer an alternative where a user needs to keep a single static key pair and can subsequently engage in a session key establishment with peers holding certificates or identity-based keys. Thus, the proposed solution has none of the disadvantages of maintaining multiple static private keys.

Keywords: Authenticated key establishment · Certificate-based protocols · ID-based protocols · Shared static state · ID-PKI integration

Motivation

Authenticated key exchange (AKE), along with public key encryption and digital signatures, is a basic cryptographic primitive used to establish authenticated and confidential
doi:10.1007/s10207-011-0136-3 fatcat:6awtwuwixbgb3nmggxsmrrccui