Abstract
In recent years a large number of identity-based key agreement protocols from pairings have been proposed. Some of them are elegant and practical. However, the security of this type of protocol has proved surprisingly hard to establish, even in the random oracle model. The main issue is that a simulator cannot answer reveal queries, because doing so requires solving either a computational problem or a decisional problem, both of which are generally believed to be hard (i.e., computationally infeasible). The best solution so far uses the gap assumption: one assumes that access to a decisional oracle does not change the hardness of the corresponding computational problem. The disadvantage of this approach is that the decisional oracle on which the proof relies cannot be implemented by any polynomial-time algorithm in the real world, precisely because the decisional problem is hard. In this paper we present a method that incorporates a built-in decisional function into the protocols. The function transforms a hard decisional problem in the proof into an easy one. We then discuss the efficiency of the resulting schemes and the relevant security reductions, in the random oracle model, for the different pairings one can use. Unlike most other papers in the area, we pay particular attention to the issues that arise when using asymmetric pairings.
Chen, L., Cheng, Z. & Smart, N.P. Identity-based key agreement protocols from pairings. Int. J. Inf. Secur. 6, 213–241 (2007). https://doi.org/10.1007/s10207-006-0011-9