Authenticated group Diffie-Hellman key exchange: theory and practice Page: 34 of 120
This thesis or dissertation is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
Extracted Text
The following text was automatically extracted from the image on this page using optical character recognition software:
2. GROUP DIFFIE-HELLMAN KEY EXCHANGE
In an execution of P, we say adversary A violates player-to-players au-
thentication (PPsA) for oracle HU if HU terminates holding SIDS(fU),
PIDS(fU) and PIDS(lU) -f n - 1. We denote the ppsa probability
as Succ sa(A) and say protocol P is an A-secure PPsA if SuccPsa(A)
is negligible.
In an execution of P, we say adversary A violates mutual authentication
(MA) if A violates PPsA authentication for at least one oracle IS. We
name the probability of such an event the ma success Succa(A) and
say protocol P is an A-secure MA if Succ a(A) is negligible.
Therefore to deal with mutual authentication (or player-to-players au-
thentication in a similar way), we consider a new game Game"a (A, P)
in which the adversary plays exactly the same way as in the game
Gameake (A, P) with the same oracle accesses but with a different goal:
to violate the mutual authentication. In this new game, the adversary is
not really interested in the Test-query, in the sense that it can terminate
whenever he wants. However, we leave this query available for simplicity.
4.3. Adversary's Resources
The security is formulated as a function of the amount of resources the
adversary A expends. The resources are:
" t time of computing;
" qseqre, qco number of Send, Reveal and Corrupt queries adver-
sary A respectively makes.
By notation Adv(t,... ) or Succ(t,...), we mean the maximum values of
Adv(A) or Succ(A) respectively, over all adversaries A that expend at
most the specified amount of resources.
5. An Authenticated Group Diffie-Hellman Scheme
We first introduce the protocol AKE1 and then prove it is a secure AKE
scheme in the ideal hash model. Then at the end of this section we
comment on the security theorem and the proof.
5.1. Preliminaries
In the following we assume the ideal hash function model. We use a hash
function 71 from {0, 1}* to {0, 1} where is a security parameter. The
session-key space SK associated to this protocol is {0, 1} equipped with
a uniform distribution. In this model, a new query, namely Hash-query
24
Upcoming Pages
Here’s what’s next.
35 of 120
36 of 120
37 of 120
38 of 120
Search Inside
This document can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Thesis Or Dissertation.
Chevassut, Olivier. Authenticated group Diffie-Hellman key exchange: theory and practice, thesis or dissertation, October 3, 2002; Berkeley, California. (https://digital.library.unt.edu/ark:/67531/metadc739237/m1/34/: accessed April 18, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.