Published in
Springer, Lecture Notes in Computer Science, p. 585-604, 2005
DOI: 10.1007/11593447_32
Links
- ORCID
- Springer
- [www.researchgate.net] | PDF
- [citeseerx.ist.psu.edu] | PDF
- [citeseerx.ist.psu.edu] | PDF
- [citeseerx.ist.psu.edu] | PDF
- [eprints.qut.edu.au] | PDF
- [eprints.qut.edu.au] | PDF
- [eprint.iacr.org] | PDF
- [eprint.iacr.org] | PDF
- [www.iacr.org] | PDF
Tools
Examining Indistinguishability-Based Proof Models for Key Establishment Protocols
Full text: Download
Abstract
We examine various indistinguishability-based proof models for key establishment protocols, namely the Bellare & Rogaway (1993,1995), the Bellare, Pointcheval, & Rogaway (2000), and the Canetti & Krawczyk (2001) proof models. We then consider several variants of these proof models, identify several subtle differences between these variants and models, and compare the relative strengths of the notions of security between the models. For each of the pair of relations between the models (either an implication or a non-implication), we provide proofs or counter-examples to support the observed relations. We also reveal a drawback with the original formulation of the Bellare, Pointcheval, & Rogaway (2000) model, whereby the Corrupt query is not allowed. As a case study, we use the Abdalla & Pointcheval (2005) three-party password-based key exchange protocol (3PAKE), which carries a proof of security in the Bellare, Pointcheval, & Rogaway (2000) model. We reveal a previously unpublished flaw in the protocol, and demonstrate that this attack would not be captured in the model due to the omission of the Corrupt query.