# American Institute of Mathematical Sciences

November  2015, 9(4): 471-514. doi: 10.3934/amc.2015.9.471

## FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes

 1 Data & Network Security Lab, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran, Iran

Received  March 2014 Revised  March 2015 Published  November 2015

This paper suggests a model and a definition for forward-secure authenticated key exchange (AKE) protocols, which can be satisfied without depending on the Diffie--Hellman assumption. The basic idea is to use key-evolving schemes (KES), where the long-term keys of the system get updated regularly and irreversibly. Protocols conforming to our model can be highly efficient, since they do not require the resource-intensive modular exponentiations of the Diffie--Hellman protocol. We also introduce a protocol, called FORSAKES, and prove rigorously that it is a forward-secure AKE protocol in our model. FORSAKES is a very efficient protocol, and can be implemented by merely using hash functions.
Citation: Mohammad Sadeq Dousti, Rasool Jalili. FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes. Advances in Mathematics of Communications, 2015, 9 (4) : 471-514. doi: 10.3934/amc.2015.9.471
##### References:
 [1] A. Banerjee, C. Peikert and A. Rosen, Pseudorandom functions and lattices,, in Advances in Cryptology-EUROCRYPT 2012, 7237 (2012), 719. doi: 10.1007/978-3-642-29011-4_42. Google Scholar [2] D. Basin, C. Cremers and S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication,, in Principles of Security and Trust, 7215 (2012), 129. doi: 10.1007/978-3-642-28641-4_8. Google Scholar [3] M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication,, in Advances in Cryptology-CRYPTO '96, 1109 (1996), 1. doi: 10.1007/3-540-68697-5_1. Google Scholar [4] M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract),, in Proceedings of the $30^{th}$ Annual ACM Symposium on Theory of Computing （STOC '98）, (1998), 419. doi: 10.1145/276698.276854. Google Scholar [5] M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks,, in Advances in Cryptology-EUROCRYPT '00, 1807 (2000), 139. doi: 10.1007/3-540-45539-6_11. Google Scholar [6] M. Bellare and P. Rogaway, Entity authentication and key distribution,, in Advances in Cryptology-CRYPTO '93, 773 (1993), 232. doi: 10.1007/3-540-48329-2_21. Google Scholar [7] M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols,, in Proceedings of the $1^{st}$ Annual ACM Conference on Computer and Communications Security （CCS '93）, (1993), 62. doi: 10.1145/168588.168596. Google Scholar [8] M. Bellare and P. Rogaway, Provably secure session key distribution: The three party case,, in Proceedings of the $27^{th}$ Annual ACM Symposium on Theory of Computing （STOC '95）, (1995), 57. doi: 10.1145/225058.225084. Google Scholar [9] M. Bellare and P. Rogaway, The exact security of digital signatures-how to sign with RSA and Rabin,, in Advances in Cryptology-EUROCRYPT '96, 1070 (1996), 399. doi: 10.1007/3-540-68339-9_34. Google Scholar [10] R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, Systematic design of two-party authentication protocols,, in Advances in Cryptology-CRYPTO '91, 576 (1992), 44. doi: 10.1007/3-540-46766-1_3. Google Scholar [11] A. Biryukov, J. Lano and B. Preneel, Cryptanalysis of the alleged SecurID hash function,, in Selected Areas in Cryptography (SAC 2003), 3006 (2004), 130. doi: 10.1007/978-3-540-24654-1_10. Google Scholar [12] A. Biryukov, J. Lano and B. Preneel, Recent attacks on alleged SecurID and their practical implications,, Computers & Security, 24 (2005), 364. doi: 10.1016/j.cose.2005.04.006. Google Scholar [13] S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis,, in Proceedings of the $6^{th}$ IMA International Conference on Cryptography and Coding (IMACC '97), 1355 (1997), 30. doi: 10.1007/BFb0024447. Google Scholar [14] S. Blake-Wilson and A. Menezes, Entity authentication and authenticated key transport protocols: Employing asymmetric techniques,, in Security Protocols, 1361 (2005), 137. doi: 10.1007/BFb0028166. Google Scholar [15] C. Boyd, Hidden assumptions in cryptographic protocols,, IEE Proceedings of Computers and Digital Techniques, 137 (1990), 433. doi: 10.1049/ip-e.1990.0054. Google Scholar [16] C. Boyd and A. Mathuria, Protocols for authentication and key establishment,, Springer, (2003). doi: 10.1007/978-3-662-09527-0. Google Scholar [17] C. Brzuska, M. Fischlin, N. P. Smart, B. Warinschi and S. C. Williams, Less is more: Relaxed yet composable security notions for key exchange,, International Journal of Information Security, 12 (2013), 267. doi: 10.1007/s10207-013-0192-y. Google Scholar [18] C. Brzuska, M. Fischlin, B. Warinschi and S. C. Williams, Composability of Bellare-Rogaway key exchange protocols,, in Proceedings of the $18^{th}$ ACM Conference on Computer and Communications Security (CCS 2011), (2011), 51. doi: 10.1145/2046707.2046716. Google Scholar [19] J. Camenisch, A. Lysyanskaya and G. Neven, Practical yet universally composable two-server password-authenticated secret sharing,, in Proceedings of the $19^{th}$ ACM Conference on Computer and Communications Security (CCS 2012), (2012), 525. doi: 10.1145/2382196.2382252. Google Scholar [20] R. Canetti, Universally composable security: A new paradigm for cryptographic protocols (extended abstract),, in Proceedings of the $42^{nd}$ Annual IEEE Symposium on Foundations of Computer Science (FOCS '01), (2001), 136. Google Scholar [21] R. Canetti, Universally composable security: A new paradigm for cryptographic protocols,, Cryptology ePrint Archive, (2000). doi: 10.1109/SFCS.2001.959888. Google Scholar [22] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme,, in Advances in Cryptology-Eurocrypt 2003, 2656 (2003), 255. doi: 10.1007/3-540-39200-9_16. Google Scholar [23] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme,, Journal of Cryptology, 20 (2007), 265. doi: 10.1007/s00145-006-0442-5. Google Scholar [24] R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange,, in Advances in Cryptology-EUROCRYPT 2005, 3494 (2005), 404. doi: 10.1007/11426639_24. Google Scholar [25] R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels,, in Advances in Cryptology-EUROCRYPT '01, 2045 (2001), 453. doi: 10.1007/3-540-44987-6_28. Google Scholar [26] R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels (extended abstract),, in Advances in Cryptology-EUROCRYPT '02, 2332 (2002), 337. doi: 10.1007/3-540-46035-7_22. Google Scholar [27] T. Cao, E. Bertino and H. Lei, Security analysis of the SASI protocol,, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 73. doi: 10.1109/TDSC.2008.32. Google Scholar [28] H.-Y. Chien, SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity,, IEEE Transactions on Dependable and Secure Computing, 4 (2007), 337. doi: 10.1109/TDSC.2007.70226. Google Scholar [29] K.-K. R. Choo, Secure key establishment,, Springer, (2009). doi: 10.1007/978-0-387-87969-7. Google Scholar [30] K.-K. R. Choo, C. Boyd and Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols,, in Advances in Cryptology-ASIACRYPT '05, 3788 (2005), 585. doi: 10.1007/11593447_32. Google Scholar [31] K.-K. R. Choo, C. Boyd, Y. Hitchcock and G. Maitland, On session identifiers in provably secure protocols: The Bellare-Rogaway three-party key distribution protocol revisited,, in Security in Communication Networks (SCN 2004), 3352 (2005), 351. doi: 10.1007/978-3-540-30598-9_25. Google Scholar [32] J. Clark and J. Jacob, On the security of recent protocols,, Information Processing Letters (IPL), 56 (1995), 151. doi: 10.1016/0020-0190(95)00136-Z. Google Scholar [33] J. Clark and J. Jacob, A survey of authentication protocol literature: Version 1.0, 1997,, Available from , (). Google Scholar [34] S. Contini and Y. L. Yin, Fast software-based attacks on SecurID,, in Fast Software Encryption (FSE 2004), 3017 (2004), 454. doi: 10.1007/978-3-540-25937-4_29. Google Scholar [35] C. Cremers, Examining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK,, in Proceedings of the $6^{th}$ ACM Symposium on Information, (2011), 80. doi: 10.1145/1966913.1966925. Google Scholar [36] C. J. Cremers, Session-state reveal is stronger than ephemeral key reveal: Attacking the NAXOS authenticated key exchange protocol,, in Proceedings of the $7^{th}$ International Conference on Applied Cryptography and Network Security (ACNS '09), 5536 (2009), 20. doi: 10.1007/978-3-642-01957-9_2. Google Scholar [37] D. E. Denning and G. M. Sacco, Timestamps in key distribution protocols,, Communications of the ACM, 24 (1981), 533. doi: 10.1145/358722.358740. Google Scholar [38] W. Diffie and M. E. Hellman, New directions in cryptography,, IEEE Transactions on Information Theory, IT-22 (1976), 644. doi: 10.1109/TIT.1976.1055638. Google Scholar [39] W. Diffie, P. C. Oorschot and M. J. Wiener, Authentication and authenticated key exchanges,, Designs, 2 (1992), 107. doi: 10.1007/BF00124891. Google Scholar [40] M. S. Dousti and R. Jalili, Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks,, Cryptology ePrint Archive, (2013). Google Scholar [41] M. S. Dousti and R. Jalili, An efficient statistical zero-knowledge authentication protocol for smart cards,, International Journal of Computer Mathematics, (). doi: 10.1080/00207160.2015.1011629. Google Scholar [42] U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity (extended abstract),, in Proceedings of the $19^{th}$ Annual ACM Symposium on Theory of Computing (STOC '87), (1987), 210. doi: 10.1007/BF02351717. Google Scholar [43] U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity,, Journal of Cryptology, 1 (1988), 77. doi: 10.1007/BF02351717. Google Scholar [44] O. Goldreich, S. Goldwasser and S. Micali, How to construct random functions,, Journal of the ACM (JACM), 33 (1986), 792. doi: 10.1145/6490.6503. Google Scholar [45] C. G. Günther, An identity-based key-exchange protocol,, in Advances in Cryptology-EUROCRYPT '89, (1989), 29. doi: 10.1007/3-540-46885-4_5. Google Scholar [46] D. Hofheinz, J. Müller-Quade and R. Steinwandt, Initiator-resilient universally composable key exchange,, in Proceedings of the $8^{th}$ European Symposium on Research in Computer Security (ESORICS 2003), 2908 (2003), 61. doi: 10.1007/978-3-540-39650-5_4. Google Scholar [47] J. Katz and Y. Lindell, Introduction to Modern Cryptography: Principles and Protocols,, 1st edition, (2007). Google Scholar [48] H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol (extended abstract),, in Advances in Cryptology-CRYPTO'05, 3621 (2005), 546. doi: 10.1007/11535218_33. Google Scholar [49] B. LaMacchia, K. Lauter and A. Mityagin, Stronger security of authenticated key exchange,, in Proceedings of the $1^{st}$ International Conference on Provable Security (ProvSec '07), 4784 (2007), 1. doi: 10.1007/978-3-540-75670-5_1. Google Scholar [50] L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement,, Designs, 28 (2003), 119. doi: 10.1023/A:1022595222606. Google Scholar [51] C. Lenzen, T. Locher, P. Sommer and R. Wattenhofer, Clock synchronization: Open problems in theory and practice,, in International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2010), 5901 (2010), 61. doi: 10.1007/978-3-642-11266-9_5. Google Scholar [52] A. Menezes, Another look at HMQV,, Journal of Mathematical Cryptology, 1 (2007), 47. doi: 10.1515/JMC.2007.004. Google Scholar [53] A. Menezes, M. Qu and S. Vanstone, Some new key agreement protocols providing implicit authentication,, in Presented at the Workshop on Selected Areas in Cryptography (SAC '95), (1995), 22. Google Scholar [54] R. M. Needham and M. D. Schroeder, Using encryption for authentication in large networks of computers,, Communications of the ACM, 21 (1978), 993. doi: 10.1145/359657.359659. Google Scholar [55] D. Otway and O. Rees, Efficient and timely mutual authentication,, ACM SIGOPS Operating Systems Review, 21 (1987), 8. doi: 10.1145/24592.24594. Google Scholar [56] R. C.-W. Phan, Cryptanalysis of a new ultralightweight RFID authentication protocol-SASI,, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 316. doi: 10.1109/TDSC.2008.33. Google Scholar [57] A. P. Sarr, P. Elbaz-Vincent and J.-C. Bajard, A new security model for authenticated key agreement,, in Proceedings of the $7^{th}$ International Conference on Security and Cryptography for Networks (SCN '10), 6280 (2010), 219. doi: 10.1007/978-3-642-15317-4_15. Google Scholar [58] V. Shoup, On formal models for secure key exchange,, Technical report, (1999). Google Scholar [59] V. Shoup and A. Rubin, Session key distribution using smart cards,, in Advances in Cryptology-EUROCRYPT '96, 1070 (2001), 321. doi: 10.1007/3-540-68339-9_28. Google Scholar [60] H.-M. Sun, W.-C. Ting and K.-H. Wang, On the security of Chien's ultralightweight RFID authentication protocol,, IEEE Transactions on Dependable and Secure Computing, 8 (2011), 315. doi: 10.1109/TDSC.2009.26. Google Scholar [61] I. Wiener, Sample SecurID token emulator with token secret import, 2000,, Available from , (): 2000. Google Scholar [62] K. Yoneyama and Y. Zhao, Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage,, in Proceedings of the $5^{th}$ International Conference on Provable Security (ProvSec 2011), 6980 (2011), 348. doi: 10.1007/978-3-642-24316-5_25. Google Scholar

show all references

##### References:
 [1] A. Banerjee, C. Peikert and A. Rosen, Pseudorandom functions and lattices,, in Advances in Cryptology-EUROCRYPT 2012, 7237 (2012), 719. doi: 10.1007/978-3-642-29011-4_42. Google Scholar [2] D. Basin, C. Cremers and S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication,, in Principles of Security and Trust, 7215 (2012), 129. doi: 10.1007/978-3-642-28641-4_8. Google Scholar [3] M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication,, in Advances in Cryptology-CRYPTO '96, 1109 (1996), 1. doi: 10.1007/3-540-68697-5_1. Google Scholar [4] M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract),, in Proceedings of the $30^{th}$ Annual ACM Symposium on Theory of Computing （STOC '98）, (1998), 419. doi: 10.1145/276698.276854. Google Scholar [5] M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks,, in Advances in Cryptology-EUROCRYPT '00, 1807 (2000), 139. doi: 10.1007/3-540-45539-6_11. Google Scholar [6] M. Bellare and P. Rogaway, Entity authentication and key distribution,, in Advances in Cryptology-CRYPTO '93, 773 (1993), 232. doi: 10.1007/3-540-48329-2_21. Google Scholar [7] M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols,, in Proceedings of the $1^{st}$ Annual ACM Conference on Computer and Communications Security （CCS '93）, (1993), 62. doi: 10.1145/168588.168596. Google Scholar [8] M. Bellare and P. Rogaway, Provably secure session key distribution: The three party case,, in Proceedings of the $27^{th}$ Annual ACM Symposium on Theory of Computing （STOC '95）, (1995), 57. doi: 10.1145/225058.225084. Google Scholar [9] M. Bellare and P. Rogaway, The exact security of digital signatures-how to sign with RSA and Rabin,, in Advances in Cryptology-EUROCRYPT '96, 1070 (1996), 399. doi: 10.1007/3-540-68339-9_34. Google Scholar [10] R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, Systematic design of two-party authentication protocols,, in Advances in Cryptology-CRYPTO '91, 576 (1992), 44. doi: 10.1007/3-540-46766-1_3. Google Scholar [11] A. Biryukov, J. Lano and B. Preneel, Cryptanalysis of the alleged SecurID hash function,, in Selected Areas in Cryptography (SAC 2003), 3006 (2004), 130. doi: 10.1007/978-3-540-24654-1_10. Google Scholar [12] A. Biryukov, J. Lano and B. Preneel, Recent attacks on alleged SecurID and their practical implications,, Computers & Security, 24 (2005), 364. doi: 10.1016/j.cose.2005.04.006. Google Scholar [13] S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis,, in Proceedings of the $6^{th}$ IMA International Conference on Cryptography and Coding (IMACC '97), 1355 (1997), 30. doi: 10.1007/BFb0024447. Google Scholar [14] S. Blake-Wilson and A. Menezes, Entity authentication and authenticated key transport protocols: Employing asymmetric techniques,, in Security Protocols, 1361 (2005), 137. doi: 10.1007/BFb0028166. Google Scholar [15] C. Boyd, Hidden assumptions in cryptographic protocols,, IEE Proceedings of Computers and Digital Techniques, 137 (1990), 433. doi: 10.1049/ip-e.1990.0054. Google Scholar [16] C. Boyd and A. Mathuria, Protocols for authentication and key establishment,, Springer, (2003). doi: 10.1007/978-3-662-09527-0. Google Scholar [17] C. Brzuska, M. Fischlin, N. P. Smart, B. Warinschi and S. C. Williams, Less is more: Relaxed yet composable security notions for key exchange,, International Journal of Information Security, 12 (2013), 267. doi: 10.1007/s10207-013-0192-y. Google Scholar [18] C. Brzuska, M. Fischlin, B. Warinschi and S. C. Williams, Composability of Bellare-Rogaway key exchange protocols,, in Proceedings of the $18^{th}$ ACM Conference on Computer and Communications Security (CCS 2011), (2011), 51. doi: 10.1145/2046707.2046716. Google Scholar [19] J. Camenisch, A. Lysyanskaya and G. Neven, Practical yet universally composable two-server password-authenticated secret sharing,, in Proceedings of the $19^{th}$ ACM Conference on Computer and Communications Security (CCS 2012), (2012), 525. doi: 10.1145/2382196.2382252. Google Scholar [20] R. Canetti, Universally composable security: A new paradigm for cryptographic protocols (extended abstract),, in Proceedings of the $42^{nd}$ Annual IEEE Symposium on Foundations of Computer Science (FOCS '01), (2001), 136. Google Scholar [21] R. Canetti, Universally composable security: A new paradigm for cryptographic protocols,, Cryptology ePrint Archive, (2000). doi: 10.1109/SFCS.2001.959888. Google Scholar [22] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme,, in Advances in Cryptology-Eurocrypt 2003, 2656 (2003), 255. doi: 10.1007/3-540-39200-9_16. Google Scholar [23] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme,, Journal of Cryptology, 20 (2007), 265. doi: 10.1007/s00145-006-0442-5. Google Scholar [24] R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange,, in Advances in Cryptology-EUROCRYPT 2005, 3494 (2005), 404. doi: 10.1007/11426639_24. Google Scholar [25] R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels,, in Advances in Cryptology-EUROCRYPT '01, 2045 (2001), 453. doi: 10.1007/3-540-44987-6_28. Google Scholar [26] R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels (extended abstract),, in Advances in Cryptology-EUROCRYPT '02, 2332 (2002), 337. doi: 10.1007/3-540-46035-7_22. Google Scholar [27] T. Cao, E. Bertino and H. Lei, Security analysis of the SASI protocol,, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 73. doi: 10.1109/TDSC.2008.32. Google Scholar [28] H.-Y. Chien, SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity,, IEEE Transactions on Dependable and Secure Computing, 4 (2007), 337. doi: 10.1109/TDSC.2007.70226. Google Scholar [29] K.-K. R. Choo, Secure key establishment,, Springer, (2009). doi: 10.1007/978-0-387-87969-7. Google Scholar [30] K.-K. R. Choo, C. Boyd and Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols,, in Advances in Cryptology-ASIACRYPT '05, 3788 (2005), 585. doi: 10.1007/11593447_32. Google Scholar [31] K.-K. R. Choo, C. Boyd, Y. Hitchcock and G. Maitland, On session identifiers in provably secure protocols: The Bellare-Rogaway three-party key distribution protocol revisited,, in Security in Communication Networks (SCN 2004), 3352 (2005), 351. doi: 10.1007/978-3-540-30598-9_25. Google Scholar [32] J. Clark and J. Jacob, On the security of recent protocols,, Information Processing Letters (IPL), 56 (1995), 151. doi: 10.1016/0020-0190(95)00136-Z. Google Scholar [33] J. Clark and J. Jacob, A survey of authentication protocol literature: Version 1.0, 1997,, Available from , (). Google Scholar [34] S. Contini and Y. L. Yin, Fast software-based attacks on SecurID,, in Fast Software Encryption (FSE 2004), 3017 (2004), 454. doi: 10.1007/978-3-540-25937-4_29. Google Scholar [35] C. Cremers, Examining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK,, in Proceedings of the $6^{th}$ ACM Symposium on Information, (2011), 80. doi: 10.1145/1966913.1966925. Google Scholar [36] C. J. Cremers, Session-state reveal is stronger than ephemeral key reveal: Attacking the NAXOS authenticated key exchange protocol,, in Proceedings of the $7^{th}$ International Conference on Applied Cryptography and Network Security (ACNS '09), 5536 (2009), 20. doi: 10.1007/978-3-642-01957-9_2. Google Scholar [37] D. E. Denning and G. M. Sacco, Timestamps in key distribution protocols,, Communications of the ACM, 24 (1981), 533. doi: 10.1145/358722.358740. Google Scholar [38] W. Diffie and M. E. Hellman, New directions in cryptography,, IEEE Transactions on Information Theory, IT-22 (1976), 644. doi: 10.1109/TIT.1976.1055638. Google Scholar [39] W. Diffie, P. C. Oorschot and M. J. Wiener, Authentication and authenticated key exchanges,, Designs, 2 (1992), 107. doi: 10.1007/BF00124891. Google Scholar [40] M. S. Dousti and R. Jalili, Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks,, Cryptology ePrint Archive, (2013). Google Scholar [41] M. S. Dousti and R. Jalili, An efficient statistical zero-knowledge authentication protocol for smart cards,, International Journal of Computer Mathematics, (). doi: 10.1080/00207160.2015.1011629. Google Scholar [42] U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity (extended abstract),, in Proceedings of the $19^{th}$ Annual ACM Symposium on Theory of Computing (STOC '87), (1987), 210. doi: 10.1007/BF02351717. Google Scholar [43] U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity,, Journal of Cryptology, 1 (1988), 77. doi: 10.1007/BF02351717. Google Scholar [44] O. Goldreich, S. Goldwasser and S. Micali, How to construct random functions,, Journal of the ACM (JACM), 33 (1986), 792. doi: 10.1145/6490.6503. Google Scholar [45] C. G. Günther, An identity-based key-exchange protocol,, in Advances in Cryptology-EUROCRYPT '89, (1989), 29. doi: 10.1007/3-540-46885-4_5. Google Scholar [46] D. Hofheinz, J. Müller-Quade and R. Steinwandt, Initiator-resilient universally composable key exchange,, in Proceedings of the $8^{th}$ European Symposium on Research in Computer Security (ESORICS 2003), 2908 (2003), 61. doi: 10.1007/978-3-540-39650-5_4. Google Scholar [47] J. Katz and Y. Lindell, Introduction to Modern Cryptography: Principles and Protocols,, 1st edition, (2007). Google Scholar [48] H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol (extended abstract),, in Advances in Cryptology-CRYPTO'05, 3621 (2005), 546. doi: 10.1007/11535218_33. Google Scholar [49] B. LaMacchia, K. Lauter and A. Mityagin, Stronger security of authenticated key exchange,, in Proceedings of the $1^{st}$ International Conference on Provable Security (ProvSec '07), 4784 (2007), 1. doi: 10.1007/978-3-540-75670-5_1. Google Scholar [50] L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement,, Designs, 28 (2003), 119. doi: 10.1023/A:1022595222606. Google Scholar [51] C. Lenzen, T. Locher, P. Sommer and R. Wattenhofer, Clock synchronization: Open problems in theory and practice,, in International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2010), 5901 (2010), 61. doi: 10.1007/978-3-642-11266-9_5. Google Scholar [52] A. Menezes, Another look at HMQV,, Journal of Mathematical Cryptology, 1 (2007), 47. doi: 10.1515/JMC.2007.004. Google Scholar [53] A. Menezes, M. Qu and S. Vanstone, Some new key agreement protocols providing implicit authentication,, in Presented at the Workshop on Selected Areas in Cryptography (SAC '95), (1995), 22. Google Scholar [54] R. M. Needham and M. D. Schroeder, Using encryption for authentication in large networks of computers,, Communications of the ACM, 21 (1978), 993. doi: 10.1145/359657.359659. Google Scholar [55] D. Otway and O. Rees, Efficient and timely mutual authentication,, ACM SIGOPS Operating Systems Review, 21 (1987), 8. doi: 10.1145/24592.24594. Google Scholar [56] R. C.-W. Phan, Cryptanalysis of a new ultralightweight RFID authentication protocol-SASI,, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 316. doi: 10.1109/TDSC.2008.33. Google Scholar [57] A. P. Sarr, P. Elbaz-Vincent and J.-C. Bajard, A new security model for authenticated key agreement,, in Proceedings of the $7^{th}$ International Conference on Security and Cryptography for Networks (SCN '10), 6280 (2010), 219. doi: 10.1007/978-3-642-15317-4_15. Google Scholar [58] V. Shoup, On formal models for secure key exchange,, Technical report, (1999). Google Scholar [59] V. Shoup and A. Rubin, Session key distribution using smart cards,, in Advances in Cryptology-EUROCRYPT '96, 1070 (2001), 321. doi: 10.1007/3-540-68339-9_28. Google Scholar [60] H.-M. Sun, W.-C. Ting and K.-H. Wang, On the security of Chien's ultralightweight RFID authentication protocol,, IEEE Transactions on Dependable and Secure Computing, 8 (2011), 315. doi: 10.1109/TDSC.2009.26. Google Scholar [61] I. Wiener, Sample SecurID token emulator with token secret import, 2000,, Available from , (): 2000. Google Scholar [62] K. Yoneyama and Y. Zhao, Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage,, in Proceedings of the $5^{th}$ International Conference on Provable Security (ProvSec 2011), 6980 (2011), 348. doi: 10.1007/978-3-642-24316-5_25. Google Scholar

2018 Impact Factor: 0.879