$$textsf {TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity

IF 16.4 1区 化学 Q1 CHEMISTRY, MULTIDISCIPLINARY
Sven Schäge
{"title":"$$textsf {TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity","authors":"Sven Schäge","doi":"10.1007/s10623-024-01429-3","DOIUrl":null,"url":null,"abstract":"<p>We present Transmission optimal protocol with active security (<span>\\(\\textsf {TOPAS}\\)</span>), the first key agreement protocol with optimal communication complexity (message size and number of rounds) that provides security against fully active adversaries. The size of the protocol messages and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys—even under reflection and key compromise impersonation attacks. What makes <span>\\(\\textsf {TOPAS}\\)</span>stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can <i>actively</i> modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like <span>\\(\\textsf {HMQV}\\)</span>cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto’05). This makes <span>\\(\\textsf {TOPAS}\\)</span>the first key agreement protocol with full security against active attackers that works in prime-order groups while having optimal message size. We also present a variant of our protocol, <span>\\(\\textsf {TOPAS+}\\)</span>, which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase. Finally, we present a third protocol termed <span>\\(\\textsf {FACTAS}\\)</span>(for factoring-based protocol with active security) which has the same strong security properties as <span>\\(\\textsf {TOPAS}\\)</span>and <span>\\(\\textsf {TOPAS+}\\)</span>but whose security is solely based on the factoring assumption in groups of composite order (except for the proof of full PFS).</p>","PeriodicalId":1,"journal":{"name":"Accounts of Chemical Research","volume":null,"pages":null},"PeriodicalIF":16.4000,"publicationDate":"2024-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"$$\\\\textsf {TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity\",\"authors\":\"Sven Schäge\",\"doi\":\"10.1007/s10623-024-01429-3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>We present Transmission optimal protocol with active security (<span>\\\\(\\\\textsf {TOPAS}\\\\)</span>), the first key agreement protocol with optimal communication complexity (message size and number of rounds) that provides security against fully active adversaries. The size of the protocol messages and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys—even under reflection and key compromise impersonation attacks. What makes <span>\\\\(\\\\textsf {TOPAS}\\\\)</span>stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can <i>actively</i> modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like <span>\\\\(\\\\textsf {HMQV}\\\\)</span>cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto’05). This makes <span>\\\\(\\\\textsf {TOPAS}\\\\)</span>the first key agreement protocol with full security against active attackers that works in prime-order groups while having optimal message size. We also present a variant of our protocol, <span>\\\\(\\\\textsf {TOPAS+}\\\\)</span>, which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase. Finally, we present a third protocol termed <span>\\\\(\\\\textsf {FACTAS}\\\\)</span>(for factoring-based protocol with active security) which has the same strong security properties as <span>\\\\(\\\\textsf {TOPAS}\\\\)</span>and <span>\\\\(\\\\textsf {TOPAS+}\\\\)</span>but whose security is solely based on the factoring assumption in groups of composite order (except for the proof of full PFS).</p>\",\"PeriodicalId\":1,\"journal\":{\"name\":\"Accounts of Chemical Research\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":16.4000,\"publicationDate\":\"2024-07-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Accounts of Chemical Research\",\"FirstCategoryId\":\"100\",\"ListUrlMain\":\"https://doi.org/10.1007/s10623-024-01429-3\",\"RegionNum\":1,\"RegionCategory\":\"化学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"CHEMISTRY, MULTIDISCIPLINARY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Accounts of Chemical Research","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-024-01429-3","RegionNum":1,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CHEMISTRY, MULTIDISCIPLINARY","Score":null,"Total":0}
引用次数: 0

摘要

我们提出了具有主动安全性的最优传输协议(\(\textsf {TOPAS}\)),这是第一个具有最优通信复杂度(报文大小和回合数)的密钥协议,可提供对抗完全主动对手的安全性。协议信息的大小和生成信息的计算成本与椭圆曲线上的基本 Diffie-Hellman 协议不相上下(众所周知,后者只能提供针对被动对手的安全性)。会话密钥与随机密钥是无法区分的--即使在反射和密钥泄露冒充攻击下也是如此。让 \(\textsf {TOPAS}/)脱颖而出的是:它还具有完全完美前向保密(PFS)的安全证明,攻击者可以主动修改发送到测试会话或从测试会话发送的信息。完全前向保密的证明依赖于两个新的基于提取的安全假设。众所周知,现有的隐式验证双消息协议(如\(\textsf {HMQV}\ )无法实现这种针对主动攻击者的(完全)强安全形式(Krawczyk,Crypto'05)。这使得(\textsf {TOPAS}/)成为第一个针对主动攻击者的具有完全安全性的密钥协议,它可以在质阶组中运行,同时具有最优的消息大小。我们还提出了我们协议的一个变体--(\textsf {TOPAS+}/),在强迪菲-赫尔曼假设下,它在密钥推导阶段提供了更好的计算效率。最后,我们提出了第三个协议,称为(\textsf {FACTAS}\)(表示基于保理的主动安全协议),它与(\textsf {TOPAS}\)和(\textsf {TOPAS+}\)具有相同的强安全特性,但其安全性完全基于复合阶分组中的保理假设(除了全PFS的证明)。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

$$\textsf {TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity

$$\textsf {TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity

We present Transmission optimal protocol with active security (\(\textsf {TOPAS}\)), the first key agreement protocol with optimal communication complexity (message size and number of rounds) that provides security against fully active adversaries. The size of the protocol messages and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys—even under reflection and key compromise impersonation attacks. What makes \(\textsf {TOPAS}\)stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can actively modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like \(\textsf {HMQV}\)cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto’05). This makes \(\textsf {TOPAS}\)the first key agreement protocol with full security against active attackers that works in prime-order groups while having optimal message size. We also present a variant of our protocol, \(\textsf {TOPAS+}\), which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase. Finally, we present a third protocol termed \(\textsf {FACTAS}\)(for factoring-based protocol with active security) which has the same strong security properties as \(\textsf {TOPAS}\)and \(\textsf {TOPAS+}\)but whose security is solely based on the factoring assumption in groups of composite order (except for the proof of full PFS).

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Accounts of Chemical Research
Accounts of Chemical Research 化学-化学综合
CiteScore
31.40
自引率
1.10%
发文量
312
审稿时长
2 months
期刊介绍: Accounts of Chemical Research presents short, concise and critical articles offering easy-to-read overviews of basic research and applications in all areas of chemistry and biochemistry. These short reviews focus on research from the author’s own laboratory and are designed to teach the reader about a research project. In addition, Accounts of Chemical Research publishes commentaries that give an informed opinion on a current research problem. Special Issues online are devoted to a single topic of unusual activity and significance. Accounts of Chemical Research replaces the traditional article abstract with an article "Conspectus." These entries synopsize the research affording the reader a closer look at the content and significance of an article. Through this provision of a more detailed description of the article contents, the Conspectus enhances the article's discoverability by search engines and the exposure for the research.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信