Improved Authenticated Multiple-Key Agreement Protocol

1. Improved Authenticated Multiple-Key Agreement Protocol Source: Computer and Mathematics with Applications 46 (2003), pp. 207-211. Author: Her-Tyan Yen, Hung-Min Sun and Tzonelih Hwang

2. Introduction • Multiple-Key Agreement protocol • The cost of hash function

3. Motivation (1/2) • Authenticated key agreement without using one-way hash functions • L. Harn and H.Y. Lin, Authenticated key agreement protocol without using one-way functions, In Proc. 8th National Conf. Information Security, 155-160 (1998). • Improved authenticated multiple-key agreement protocol • S.M. Yen and M. Joye, Improved authenticated multiple-key agreement protocol, Electron. Lett., 1738-1739, (1998)

4. Motivation (2/2) • Security of authecticated multiple-key agreement protocols • T.S. Wu, W.H. He and C.L. Hsu, Security of authenticated multiple-key agreement protocols, Electron. Lett., 391-392 (1999). • In Wu et al.’s paper, it still suffers the forgery problem.

5. Authenticated key agreement without using one-way hash functions • p: large prime • α: primitive element • xA: A’s secret key • xB: B’s secret key • , A’s public key • , B’s public key

6. Authentication Phase • A selects two random secret number KA1 and KA2 where rA1, rA2, SA, cert(yA)

7. Key generation • K1 = (rA1)KB1 mod p • K2 = (rA2)KB1 mod p • K3 = (rA1)KB2 mod p • K4 = (rA2)KB2 mod p

8. Conclusion • The proposed protocol is secure and efficient against forgery, and does not involve any one-way hash function.