[Logic and Complexity] Fwd: Forwarded seminar announcement
Yijia Chen
yijia.chen at cs.sjtu.edu.cn
Mon Dec 10 12:18:53 CST 2012
-------- Original Message --------
Subject: Forwarded seminar announcement
Date: Mon, 10 Dec 2012 10:23:08 +0800
From: "dingyue" <dingyue at cs.sjtu.edu.cn>
To: "all" <all at cs.sjtu.edu.cn>
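Dear faculty members,
I am forwarding a seminar announcement in the area of cryptography and information security. Anyone interested is welcome to attend.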
————————————————————————————————————————
Speaker: Professor Zhao Yunlei, Fudan University
Time: Wednesday, 2:00 PM
Venue: 3-404
The talk details are as follows:
Title: OAKE: A New Family of Implicitly Authenticated Diffie-Hellman Protocols
Abstract: Cryptography algorithm standards play a key role both in the practice of information security and in cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, in short) are a family of implicitly authenticated Diffie-Hellman key-exchange (DHKE) protocols that are among the most efficient and are widely standardized. In this work, from some new perspectives and under some new design rationales, and also inspired by the security analysis of HMQV, we develop a new family of practical implicitly authenticated DHKE (IA-DHKE) protocols, which enjoy performance advantages among security, efficiency, privacy, fairness and easy deployment. We make detailed comparisons between our new protocols and (H)MQV, showing that the newly developed protocols outperform HMQV in most aspects. Very briefly speaking, we achieve:
• The most efficient provably secure IA-DHKE protocol to date.
• The first provably secure IA-DHKE protocol with privacy preserving properties of post-ID computability and reasonable deniability. Here “reasonable deniability” refers to the fact that the session key can be computed merely from DH-exponents.
• All our protocols are essentially online-optimal, which is particularly important for protocol deployment by power limited devices. Here, essential online optimal efficiency refers to only one online modular exponentiation (besides some slight operations of several hashings, modular additions and multiplications). To our knowledge, they are the first provably secure IA-DHKE protocols that enjoy essential online-optimal efficiency.
• In comparison with HMQV, the provable security against the leakage of pre-computed DH components or exponents relies less on, or totally dispenses with, the non-standard knowledge-of-exponent assumption (KEA).
Guided by our new design rationales, in this work we also formalize and introduce some new concepts, say session-key computational fairness (as a complement to session-key security), to the literature.
2012-12-10
-------------------------
Ding Yue
Office of the Department of Computer Science and Engineering, Shanghai Jiao Tong University
Tel: 34204398
Email: dingyue at cs.sjtu.edu.cn