International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Session-state Reveal is stronger than Ephemeral Key Reveal: Breaking the NAXOS key exchange protocol

Authors:
Cas J.F. Cremers
Download:
URL: http://eprint.iacr.org/2008/376
Search ePrint
Search Google
Abstract: In the papers Stronger Security of Authenticated Key Exchange [LLM07, LLM06], a new security model for key exchange protocols is proposed. The new model is suggested to be at least as strong as previous models for key exchange protocols. In particular, the model includes a new notion of an Ephemeral Key Reveal adversary query, which is claimed in [LLM06, Oka07, Ust08] to be at least as strong as existing definitions of the Session-state Reveal query. We show that for some protocols, Session-state Reveal is strictly stronger than Ephemeral Key Reveal. In particular, we show that the NAXOS protocol from [LLM07, LLM06] does not meet its security requirements if the Session-state Reveal query is allowed in the security model.
BibTeX
@misc{eprint-2008-18150,
  title={Session-state Reveal is stronger than Ephemeral Key Reveal: Breaking the NAXOS key exchange protocol},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / foundations, security models, key agreement, session-state reveal, ephemeral key reveal},
  url={http://eprint.iacr.org/2008/376},
  note={ cas.cremers@inf.ethz.ch 14140 received 3 Sep 2008, last revised 18 Sep 2008},
  author={Cas J.F. Cremers},
  year=2008
}