
Perfect Forward Secrecy

Encyclopedia of Cryptography and Security

Perfect forward secrecy (pfs for short) refers to the property of key-exchange protocols in which the exposure of long-term keying material, used in the protocol to negotiate session keys, does not compromise the secrecy of session keys established before the exposure. The most common way to achieve pfs in a key-exchange protocol is by using the Diffie–Hellman key agreement with ephemeral exponents to establish the value of a session key, while confining the use of the long-term keys (such as private signature keys) to the purpose of authenticating the exchange (see authentication). In this case, once a session key is no longer used and is erased from memory, there is no way for the attacker to find this key except by cryptanalyzing the Diffie–Hellman exchange (or other applications that used the session key). In particular, finding the long-term authentication key is of no use in learning the session-key value. One essential element for achieving pfs with the Diffie–Hellman...
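The contrast described above, as an added example that is not part of the encyclopedia entry: one exchange derives the session key from the long-term key, the other uses ephemeral Diffie–Hellman and confines the long-term key to authentication. Assumptions: a toy group (prime 2^255 − 19, generator 2), an HMAC under a pre-shared long-term key standing in for signature keys, and hypothetical function names.

```python
import hashlib, hmac, secrets

# Toy group, assumed for brevity: 2**255 - 19 is prime, but real protocols use
# a standardized 2048-bit+ MODP group or an elliptic-curve group instead.
P, G = 2**255 - 19, 2

def i2b(n: int) -> bytes:
    return n.to_bytes(32, "big")

def kdf(label: bytes, secret: bytes) -> bytes:
    return hashlib.sha256(label + secret).digest()

def auth_tag(long_term: bytes, role: bytes, mine: int, theirs: int) -> bytes:
    # The long-term key is confined to authenticating the exchanged values.
    return hmac.new(long_term, role + i2b(mine) + i2b(theirs), "sha256").digest()

def run_static(long_term: bytes):
    """No pfs: the session key is a function of the long-term key and public nonces."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    return kdf(b"static", long_term + na + nb), (na, nb)

def run_ephemeral(long_term: bytes):
    """pfs: ephemeral exponents fix the session key; returns (key, wire transcript)."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    tags = auth_tag(long_term, b"A", gx, gy), auth_tag(long_term, b"B", gy, gx)
    key_a, key_b = kdf(b"dh", i2b(pow(gy, x, P))), kdf(b"dh", i2b(pow(gx, y, P)))
    assert key_a == key_b          # both sides agree on g^(xy)
    del x, y                       # ephemeral exponents are erased after use
    return key_a, (gx, gy, *tags)

def attacker_static(leaked: bytes, transcript):
    # Recorded nonces plus the leaked long-term key reproduce the old session key.
    na, nb = transcript
    return kdf(b"static", leaked + na + nb)

def attacker_ephemeral(leaked: bytes, transcript):
    """With the leaked key the tags verify, but nothing recorded yields g^(xy)."""
    gx, gy, tag_a, tag_b = transcript
    tags_ok = (hmac.compare_digest(tag_a, auth_tag(leaked, b"A", gx, gy))
               and hmac.compare_digest(tag_b, auth_tag(leaked, b"B", gy, gx)))
    guess = kdf(b"dh", leaked + i2b(gx) + i2b(gy))   # all the attacker holds
    return tags_ok, guess
```

In the ephemeral run, recovering the old session key from the recorded `gx` and `gy` would require cryptanalyzing the Diffie–Hellman exchange itself; the leaked long-term key contributes nothing to that.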



© 2005 International Federation for Information Processing


Cite this entry

Krawczyk, H. (2005). Perfect Forward Secrecy. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_298
