ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

A generic variant of NIST’s KAS2 key agreement protocol

Chatterjee, Sanjit and Menezes, Alfred and Ustaoglu, Berkant (2011) A generic variant of NIST’s KAS2 key agreement protocol. In: ACISP'11 Proceedings of the 16th Australasian Conference on Information Security and Privacy, 2011, Heidelberg.

Full text not available from this repository. (Request a copy)
Official URL: http://dx.doi.org/10.1007/978-3-642-22497-3_23


We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.

Item Type: Conference Paper
Publisher: Springer-Verlag Berlin
Additional Information: Copyright of this article belongs to Springer-Verlag Berlin. GERMANY.
Department/Centre: Division of Electrical Sciences > Computer Science & Automation
Date Deposited: 19 Mar 2013 09:19
Last Modified: 19 Mar 2013 09:19
URI: http://eprints.iisc.ac.in/id/eprint/46037

Actions (login required)

View Item View Item