Abstract
We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model. © 2011 Springer-Verlag.
Cite
CITATION STYLE
Chatterjee, S., Menezes, A., & Ustaoglu, B. (2011). A generic variant of NIST’s KAS2 key agreement protocol. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6812 LNCS, pp. 353–370). https://doi.org/10.1007/978-3-642-22497-3_23
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
