Recent history has revealed that many random number generators (RNGs) used in cryptographic algorithms and protocols were not providing appropriate randomness, either by accident or on purpose. Subsequently, researchers have proposed new algorithms and protocols that are less dependent on the RNG. One exception is that all prominent authenticated key exchange (AKE) protocols are insecure given bad randomness, even when using good long-term keying material. We analyse the security of AKE protocols in the presence of adversaries that can perform attacks based on chosen randomness, i.e., attacks in which the adversary controls the randomness used in protocol sessions. We propose novel stateful protocols, which modify memory shared among a user’s sessions, and show in what sense they are secure against this worst-case randomness failure. We develop a stronger security notion for AKE protocols that captures the security that we can achieve under such failures, and prove that our main protocol is correct in this model. Our protocols make substantially weaker assumptions on the RNG than existing protocols.
Designs, Codes and Cryptography – Springer Journals
Published: Feb 13, 2017