Abstract
In this paper, we investigate the famous Blake-Wilson, Johnson & Menezes (BJM) authenticated key exchange protocols. We observe that the BJM model does not adequately capture the adversary's capabilities in the public setting. We modify the BJM model by adding a new Register query and a modified Corrupt query, which brings the BJM model closer to practice. Moreover, our modification has a significant impact on the security proofs of the BJM protocols. Specifically, the security proofs that use the CDH assumption no longer work in the modified BJM model. With some modifications, we show that the BJM protocols are secure in the modified BJM model under the gap Diffie-Hellman (GDH) assumption.
Cite this article
Huang, H., Cao, Z. Blake-Wilson, Johnson & Menezes protocol revisited. Sci. China Inf. Sci. 54, 1365–1374 (2011). https://doi.org/10.1007/s11432-011-4247-2
DOI: https://doi.org/10.1007/s11432-011-4247-2