Please use this identifier to cite or link to this item: https://hdl.handle.net/11147/4784
Full metadata record
DC FieldValueLanguage
dc.contributor.authorUstaoğlu, Berkant-
dc.date.accessioned2017-02-02T10:34:30Z-
dc.date.available2017-02-02T10:34:30Z-
dc.date.issued2009-
dc.identifier.citationUstaoğlu, B. (2009). Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman protocols (extended version). Cryptology ePrint Archive, Report 2009/353. http://eprint.iacr.org/2009/353en_US
dc.identifier.urihttp://eprint.iacr.org/2009/353-
dc.identifier.urihttp://hdl.handle.net/11147/4784-
dc.descriptionThis is an extended version that includes security arguments and more elaborate comparison.en_US
dc.description.abstractBoth the ``eCK'' model, by LaMacchia, Lauter and Mityagin, and the ``CK01'' model, by Canetti and Krawczyk, address the effect of leaking session specific ephemeral data on the security of key establishment schemes. The CK01-adversary is given a \SessionStateReveal{} query to learn session specific private data defined by the protocol specification, whereas the eCK-adversary is equipped with an \RevealEphemeralKey{} query to access all ephemeral private input required to carry session computations. \SessionStateReveal{} \emph{cannot} be issued against the test session; by contrast \RevealEphemeralKey{} \emph{can} be used against the test session under certain conditions. On the other hand, it is not obvious how \RevealEphemeralKey{} compares to \SessionStateReveal{}. Thus it is natural to ask which model is more useful and practically relevant. While formally the models are not comparable, we show that recent analysis utilizing \SessionStateReveal{} and \RevealEphemeralKey{} have a similar approach to ephemeral data leakage. First we pinpoint the features that determine the approach. Then by examining common motives for ephemeral data leakage we conclude that the approach is meaningful, but does not take into account timing, which turns out to be critical for security. Lastly, for Diffie-Hellman protocols we argue that it is important to consider security when discrete logarithm values of the outgoing ephemeral public keys are leaked and offer a method to achieve security even if the values are exposed.en_US
dc.language.isoenen_US
dc.publisherInternational Association for Cryptologic Researchen_US
dc.relation.ispartofCryptology ePrint Archiveen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectKey agreement protocolsen_US
dc.subjectLeakage of ephemeral secretsen_US
dc.subjectDiffie-Hellman assumptionen_US
dc.subjectHMQVen_US
dc.subjectNAXOS' approachen_US
dc.titleComparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman protocols (extended version)en_US
dc.typeArticleen_US
dc.authoridTR102756en_US
dc.institutionauthorUstaoğlu, Berkant-
dc.departmentİzmir Institute of Technology. Mathematicsen_US
dc.identifier.volumeReport 2009/353en_US
dc.identifier.wosWOS:000279343700014en_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
item.openairetypeArticle-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.grantfulltextopen-
item.fulltextWith Fulltext-
item.languageiso639-1en-
item.cerifentitytypePublications-
crisitem.author.dept04.02. Department of Mathematics-
Appears in Collections:Mathematics / Matematik
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Files in This Item:
File Description SizeFormat 
4784.pdfMakale356.61 kBAdobe PDFThumbnail
View/Open
Show simple item record



CORE Recommender

WEB OF SCIENCETM
Citations

24
checked on Mar 16, 2024

Page view(s)

33,612
checked on Apr 8, 2024

Download(s)

38
checked on Apr 8, 2024

Google ScholarTM

Check





Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.