The Twist-AUgmented Technique for Key Exchange
Identifieur interne : 005366 ( Main/Exploration ); précédent : 005365; suivant : 005367The Twist-AUgmented Technique for Key Exchange
Auteurs : Olivier Chevassut [États-Unis] ; Pierre-Alain Fouque [France] ; Pierrick Gaudry [France] ; David Pointcheval [France]Source :
- Lecture Notes in Computer Science [ 0302-9743 ]
Descripteurs français
- Pascal (Inist)
- Wicri :
- topic : Normalisation, Semence.
English descriptors
- KwdEn :
Abstract
Abstract: Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice –or it is easy to misuse it–. In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called ’Twist-AUgmented’ technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.
Url:
DOI: 10.1007/11745853_27
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 000B79
- to stream Istex, to step Curation: 000B72
- to stream Istex, to step Checkpoint: 001219
- to stream Main, to step Merge: 005512
- to stream PascalFrancis, to step Corpus: 000331
- to stream PascalFrancis, to step Curation: 000694
- to stream PascalFrancis, to step Checkpoint: 000342
- to stream Main, to step Merge: 005747
- to stream Main, to step Curation: 005366
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title><author><name sortKey="Chevassut, Olivier" sort="Chevassut, Olivier" uniqKey="Chevassut O" first="Olivier" last="Chevassut">Olivier Chevassut</name></author><author><name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name></author><author><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name></author><author><name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A</idno><date when="2006" year="2006">2006</date><idno type="doi">10.1007/11745853_27</idno><idno type="url">https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/fulltext.pdf</idno><idno type="wicri:Area/Istex/Corpus">000B79</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">000B79</idno><idno type="wicri:Area/Istex/Curation">000B72</idno><idno type="wicri:Area/Istex/Checkpoint">001219</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">001219</idno><idno type="wicri:doubleKey">0302-9743:2006:Chevassut O:the:twist:augmented</idno><idno type="wicri:Area/Main/Merge">005512</idno><idno type="wicri:source">INIST</idno><idno type="RBID">Pascal:08-0088402</idno><idno type="wicri:Area/PascalFrancis/Corpus">000331</idno><idno type="wicri:Area/PascalFrancis/Curation">000694</idno><idno type="wicri:Area/PascalFrancis/Checkpoint">000342</idno><idno type="wicri:explorRef" wicri:stream="PascalFrancis" wicri:step="Checkpoint">000342</idno><idno type="wicri:doubleKey">0302-9743:2006:Chevassut O:the:twist:augmented</idno><idno type="wicri:Area/Main/Merge">005747</idno><idno type="wicri:Area/Main/Curation">005366</idno><idno type="wicri:Area/Main/Exploration">005366</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title><author><name sortKey="Chevassut, Olivier" sort="Chevassut, Olivier" uniqKey="Chevassut O" first="Olivier" last="Chevassut">Olivier Chevassut</name><affiliation wicri:level="2"><country xml:lang="fr">États-Unis</country><wicri:regionArea>Lawrence Berkeley National Lab., Berkeley, CA</wicri:regionArea><placeName><region type="state">Californie</region></placeName></affiliation><affiliation></affiliation></author><author><name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>CNRS-École normale supérieure, Paris</wicri:regionArea><placeName><region type="region">Île-de-France</region><region type="old region">Île-de-France</region><settlement type="city">Paris</settlement></placeName></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author><author><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>CNRS-LORIA, Nancy</wicri:regionArea><placeName><region type="region">Grand Est</region><region type="old region">Lorraine (région)</region><settlement type="city">Nancy</settlement></placeName></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author><author><name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>CNRS-École normale supérieure, Paris</wicri:regionArea><placeName><region type="region">Île-de-France</region><region type="old region">Île-de-France</region><settlement type="city">Paris</settlement></placeName></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author></analytic><monogr></monogr><series><title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Acronym</term><term>Computer security</term><term>Diffie Hellman problem</term><term>Elliptic curve</term><term>Formal method</term><term>Formal verification</term><term>Internet protocol</term><term>Key exchange</term><term>Modeling</term><term>Oracle</term><term>Probabilistic approach</term><term>Proof theory</term><term>Public key cryptography</term><term>Random function</term><term>Random number</term><term>Seed</term><term>Standardization</term></keywords><keywords scheme="Pascal" xml:lang="fr"><term>Approche probabiliste</term><term>Courbe elliptique</term><term>Cryptographie clé publique</term><term>Echange clé</term><term>Fonction aléatoire</term><term>Modélisation</term><term>Méthode formelle</term><term>Nombre aléatoire</term><term>Normalisation</term><term>Oracle</term><term>Problème Diffie Hellman</term><term>Protocole internet</term><term>Semence</term><term>Sigle</term><term>Sécurité informatique</term><term>Théorie preuve</term><term>Vérification formelle</term></keywords><keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Normalisation</term><term>Semence</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice –or it is easy to misuse it–. In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called ’Twist-AUgmented’ technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</div></front></TEI><affiliations><list><country><li>France</li><li>États-Unis</li></country><region><li>Californie</li><li>Grand Est</li><li>Lorraine (région)</li><li>Île-de-France</li></region><settlement><li>Nancy</li><li>Paris</li></settlement></list><tree><country name="États-Unis"><region name="Californie"><name sortKey="Chevassut, Olivier" sort="Chevassut, Olivier" uniqKey="Chevassut O" first="Olivier" last="Chevassut">Olivier Chevassut</name></region></country><country name="France"><region name="Île-de-France"><name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name></region><name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name><name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name><name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 005366 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 005366 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A
|texte= The Twist-AUgmented Technique for Key Exchange
}}
| This area was generated with Dilib version V0.6.33. |  |