Conference Topic

Deniable Internet Key Exchange

In this work, we develop a family of non-malleable and deniable Diffie-Hellman key-exchange (DHKE) protocols, named deniable Internet key exchange (DIKE). The newly developed DIKE protocols are conceptually clear, provide remarkable privacy protection to protocol participants, and have highly practical (online) efficiency. For the security of the DIKE protocols, we formulate the notion of tag-based robust non-malleability (TBRNM) for DHKE protocols, which ensures robust non-malleability for DHKE protocols against concurrent man-in-the-middle (CMIM) adversaries and in particular implies concurrent forward deniability for both protocol participants. We show that TBRNM security and session-key security (SK-security) in accordance with the Canetti-Krawczyk framework are mutually complementary, so it is highly desirable to have DHKE protocols that enjoy both of them simultaneously. We prove that our DIKE protocol indeed satisfies both (privacy-preserving) TBRNM security and SK-security (with post-specified peers). The TBRNM analysis is based on a variant of the knowledge-of-exponent assumption (KEA), called the concurrent KEA assumption, introduced and clarified in this work, which might be of independent interest.

Andrew C. Yao, Yunlei Zhao

ITCS, Tsinghua University, Beijing, China; Software School, Fudan University, Shanghai, China

International conference

8th International Conference, ACNS 2010 (8th International Conference on Applied Cryptography and Network Security)

Beijing

English

329-348

2010-06-22 (date first posted online on the Wanfang platform; this is not the paper's publication date)