Composability of Bellare-Rogaway Key Exchange Protocols

Christina Brzuska*, Marc Fischlin, Bogdan Warinschi, Stephen C. Williams

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Abstract

In this paper we examine composability properties for the fundamental task of key exchange. Roughly speaking, we show that key exchange protocols secure in the prevalent model of Bellare and Rogaway can be composed with arbitrary protocols that require symmetrically distributed keys. This composition theorem holds if the key exchange protocol satis fi es an additional technical requirement that our analysis brings to light: it should be possible to determine which sessions derive equal keys given only the publicly available information.

What distinguishes our results from virtually all existing work is that we do not rely, neither directly nor indirectly, on the simulation paradigm. Instead, our security notions and composition theorems exclusively use a game-based formalism. We thus avoid several undesirable consequences of simulation-based security notions and support applicability to a broader class of protocols. In particular, we o ff er an abstract formalization of game-based security that should be of independent interest in other investigations using gamebased formalisms.

Original languageEnglish
Title of host publicationPROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11)
PublisherACM
Pages51-61
Number of pages11
Publication statusPublished - 2011
MoE publication typeA4 Article in a conference publication
EventACM Conference on Computer and Communications Security - Chicago, United States
Duration: 17 Oct 201121 Oct 2011
Conference number: 18

Conference

ConferenceACM Conference on Computer and Communications Security
Abbreviated titleCCS
CountryUnited States
CityChicago
Period17/10/201121/10/2011

Keywords

  • key exchange
  • Bellare-Rogaway
  • composition
  • SECURITY

Cite this