An unknown key-share attack on the MQV key agreement protocol
- 1 August 2001
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 4 (3), 275-288
- https://doi.org/10.1145/501978.501981
Abstract
The MQV key agreement protocol, a technique included in recent standards, is shown in its basic form to be vulnerable to an unknown key-share attack. Although the attack's practical impact on security is minimal---a key confirmation step easily prevents it---the attack is noteworthy in the principles it illustrates about protocol design. First, minor “efficiency improvements” can significantly alter the security properties of a protocol. Second, protocol analysis must consider potential interactions with all parties, not just those that are normally online. Finally, attacks must be assessed in terms of system requirements, not just in isolation.
This publication has 14 references indexed in Scilit:
- Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements. Springer Nature, 2000
- X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC Editor, 1999
- Compatible cofactor multiplication for Diffie-Hellman primitives. Electronics Letters, 1998
- Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review, 1996
- On Diffie-Hellman Key Agreement with Short Exponents. Springer Nature, 1996
- Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 1996
- Provably secure session key distribution. Association for Computing Machinery (ACM), 1995
- Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 1992
- A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 1985
- New directions in cryptography. IEEE Transactions on Information Theory, 1976