International Association
for Cryptologic Research

The most widely accepted models in the security proofs of Authenticated Key Exchange protocols are the Canetti-Krawczyk model and the extended Canetti-Krawczyk model. They are shown to be incomparable due to the subtleties that they admit different adversarial queries and the definitions of the queries are not specific and strict enough to allow a rigorous comparison be made. Concerning the security of one-round implicitly authenticated Diffie-Hellman key exchange protocols, we present a stronger security model that characterizes specific adversarial capabilities and encompass the Ephemeral Key Reveal and the Session-State Reveal simultaneously. To demonstrate the usability of our model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented stronger security notion and at the same time attains high efficiency as the OAKE protocol. The protocol is proven secure in random oracle model under the gap Diffie-Hellman assumption.