A Reflection on the Security of Two-Party Key Establishment Protocols
- Qiang Tang
- IACR Cryptology ePrint Archive
This thesis is divided into two distinct parts. The first part of the thesis explores security issues in key establishment protocols, including both key distribution protocols and key agreement protocols, and in both the general and the password-based setting. The second part of the thesis explores security issues of Timed-Release encryption schemes, especially those with a Pre-Open capability. In the first part, we initially present a formal description of key establishment protocols, and summarise the security properties that may be required of such a protocol. Secondly, we examine existing security models for key establishment protocols. We show that none of these security models fully capture the desired security properties. Thirdly, we examine some existing protocols and demonstrate certain vulnerabilities. Some of these vulnerabilities have not previously been detected because of the lack of a formal security analysis, while others have been missed because the adopted security models fail to address such security vulnerabilities. Fourthly, we describe a novel security model for general key establishment protocols, and we further adapt it for the password setting. Finally, we propose key establishment protocols which are proved secure in our novel security model. In the second part, we start by examining an existing security model for Timed-Release Encryption schemes with a Pre-Open Capability (TRE-PC), and we demonstrate several limitations of this model. We then propose a new security model for such public-key encryption schemes, and establish relationships between the proposed security notions. We also propose a general construction for TRE-PC schemes and an instantiation of certain primitives.