A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

@article{Krawczyk2016AUA,
  title={A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)},
  author={H. Krawczyk},
  journal={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  year={2016}
}
  • H. Krawczyk
  • Published 2016
  • Computer Science
  • Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
We study the question of how to build "compilers" that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one. We present a simple and efficient compiler and characterize the UA protocols that the compiler upgrades to the MA model, showing this to include a large and important class of UA protocols. The question, while natural, has not been studied widely. Our work is motivated in part by the ongoing work on the design of TLS 1.3, specifically… Expand
Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2
Implementing and Proving the TLS 1.3 Record Layer
Unilaterally-Authenticated Key Exchange
Breakdown Resilience of Key Exchange Protocols and the Cases of NewHope and TLS 1.3
OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks
On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic Parameters for Real-World Deployments
...
1
2
...

References

SHOWING 1-3 OF 3 REFERENCES
On the Security of TLS-DHE in the Standard Model
On Formal Models for Secure Key Exchange
  • V. Shoup
  • Computer Science
  • IACR Cryptol. ePrint Arch.
  • 1999
The OPTLS protocol and TLS
  • EuroS&P,
  • 2016