Abstract

We present TOPAS (Transmission Optimal Protocol with Active Security), the first key agreement protocol with optimal communication complexity that provides security against fully active adversaries. This solves a longstanding open problem. The size of the protocol messages (approx. 160 bits for 80-bit security) and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys - even under reflection and key compromise impersonation attacks - under generalizations of TOPAS stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can actively modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like HMQV cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto'05). We also present a variant of our protocol, TOPAS+, which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase.
