比较指定前和指定后的密钥协议对等体模型

Int. J. Appl. Cryptogr. Pub Date : 2008-07-07 DOI:10.1504/IJACT.2009.023472

A. Menezes, Berkant Ustaoglu

{"title":"比较指定前和指定后的密钥协议对等体模型","authors":"A. Menezes, Berkant Ustaoglu","doi":"10.1504/IJACT.2009.023472","DOIUrl":null,"url":null,"abstract":"In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"55","resultStr":"{\"title\":\"Comparing the pre- and post-specified peer models for key agreement\",\"authors\":\"A. Menezes, Berkant Ustaoglu\",\"doi\":\"10.1504/IJACT.2009.023472\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models.\",\"PeriodicalId\":350332,\"journal\":{\"name\":\"Int. J. Appl. Cryptogr.\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"55\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Appl. Cryptogr.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJACT.2009.023472\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Appl. Cryptogr.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJACT.2009.023472","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 55

摘要

在预先指定的密钥协议对等体模型中，假设一方在开始协议运行时知道其预期通信对等体的标识符。另一方面，密钥协议后指定的对等体模型中的一方在开始时不知道其通信对等体的标识符，但在协议运行期间学习标识符。在本文中，我们比较了Canetti-Krawczyk安全定义在预先指定和后指定的对等体模型中为密钥协议提供的安全保证。我们给出了在一种模型中安全而在另一种模型中不安全的协议示例。我们还增强了Canetti-Krawczyk安全模型和定义，以包含一类在预先和后指定的对等体模型中都是可执行和安全的协议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Comparing the pre- and post-specified peer models for key agreement

In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Appl. Cryptogr.

自引率

0.00%

发文量