On the Importance of Public-Key Validation in the MQV and HMQV Key Agreement Protocols [chapter]

Alfred Menezes, Berkant Ustaoglu
2006 Lecture Notes in Computer Science  
HMQV is a hashed variant of the MQV key agreement protocol proposed by Krawczyk at CRYPTO 2005. In this paper, we present some attacks on HMQV and MQV that are successful if public keys are not properly validated. In particular, we present an attack on the twopass HMQV protocol that does not require knowledge of the victim's ephemeral private keys. The attacks illustrate the importance of performing some form of public-key validation in Diffie-Hellman key agreement protocols, and furthermore
more » ... hlight the dangers of relying on security proofs for discrete-logarithm protocols where a concrete representation for the underlying group is not specified.
doi:10.1007/11941378_11 fatcat:zzgpymtcurhozjgwr4wggd4uai