[Logic and Complexity] Fwd: Forwarded academic talk announcement

Yijia Chen yijia.chen at cs.sjtu.edu.cn
Mon Dec 10 12:18:53 CST 2012



 -------- Original Message --------
 Subject: Forwarded academic talk announcement
 Date: Mon, 10 Dec 2012 10:23:08 +0800
 From: "dingyue" <dingyue at cs.sjtu.edu.cn>
 To: "all" <all at cs.sjtu.edu.cn>

 

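 Dear faculty members,

 Forwarding an academic talk announcement in the area of cryptography and information security. Interested faculty are welcome to attend.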


 ————————————————————————————————————————


  Speaker: Prof. Yunlei Zhao (赵运磊), Fudan University
  Time: Wednesday, 2:00 PM
  Venue: 3-404
  Talk details:

  Title: OAKE: A New Family of Implicitly Authenticated Diffie-Hellman Protocols

  Abstract: Cryptography algorithm standards play a key role both to the
  practice of information security and to cryptography theory research.
  Among them, the MQV and HMQV protocols ((H)MQV, in short) are a family
  of implicitly authenticated Diffie-Hellman key-exchange (DHKE)
  protocols that are among the most efficient and are widely
  standardized. In this work, from some new perspectives and under some
  new design rationales, and also inspired by the security analysis of
  HMQV, we develop a new family of practical implicitly authenticated
  DHKE (IA-DHKE) protocols, which enjoy performance advantages among
  security, efficiency, privacy, fairness and easy deployment. We make
  detailed comparisons between our new protocols and (H)MQV, showing
  that the newly developed protocols outperform HMQV in most aspects.
  Very briefly speaking, we achieve:

 • The most efficient provably secure IA-DHKE protocol to date.

 • The first provably secure IA-DHKE protocol with privacy preserving
   properties of post-ID computability and reasonable deniability. Here
   “reasonable deniability” refers to that the session-key can be
   computed merely from DH-exponents.

 • All our protocols are essentially online-optimal, which is
   particularly important for protocol deployment by power limited
   devices. Here, essential online optimal efficiency refers to only one
   online modular exponentiation (besides some slight operations of
   several hashings, modular additions and multiplications). To our
   knowledge, they are the first provably secure IA-DHKE protocols that
   enjoy essential online-optimal efficiency.

 • In comparison with HMQV, the provable security against the leakage of
   pre-computed DH components or exponents is less relied on or totally
   dispensed with the non-standard knowledge-of-exponent assumption
   (KEA).

  Guided by our new design rationales, in this work we also formalize
  and introduce some new concept, say session-key computational fairness
  (as a complement to session-key security), to the literature.

 2012-12-10
 -------------------------

 Ding Yue (丁玥)
 Office of the Department of Computer Science and Engineering, Shanghai Jiao Tong University
 Tel: 34204398
 Email: dingyue at cs.sjtu.edu.cn

