Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the s...

A generalization of the original Diffie-Hellman key exchange in (Z/pZ) found a new depth when Miller [27] and Koblitz [16] suggested that such a protocol could be used with the group over an elliptic curve. In this paper, we propose a further vast generalization where abelian semigroups act on finite sets. We define a Diffie-Hellman key exchange in this setting and we illustrate how to build in...

KEM (Key Encapsulation Mechanism) was introduced by Shoup to formalize the asymmetric encryption specified for key distribution in ISO standards on public-key encryption. Shoup defined the “semantic security (IND) against adaptively chosen ciphertext attacks (CCA2)” as a desirable security notion of KEM. This paper introduces ”nonmalleability (NM)” of KEM, a stronger security notion than IND. W...

The strongest security definition for public key encryption (PKE) schemes is indistinguishability against adaptive chosen ciphertext attacks (IND-CCA). A practical IND-CCA secure PKE scheme in the standard model is well-known to be difficult to construct given the fact that there are only a few such kind of PKE schemes available. From another perspective, we observe that for a large class of PK...

In this paper, an efficient authenticated asymmetric key exchange scheme has been designed based on the features of the Threshold Cryptography [11]. The method provides authentication and key establishment (like RSA, ) over an insecure channel using shares of two prime numbers and is secure against even off-line dictionary attack. In the proposed scheme, , and are all secret and each of the two...

Key establishment protocols are among the most important security mechanisms via which two or more parties can generate a common session key to in order to encrypt their communications over an otherwise insecure network. This paper is concerned with the vulnerability of one-pass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an ad...

Historically, multivariate public key cryptography has been less than successful at offering encryption schemes which are both secure and efficient. At PQCRYPTO ’13 in Limoges, Tao, Diene, Tang, and Ding introduced a promising new multivariate encryption algorithm based on a fundamentally new idea: hiding the structure of a large matrix algebra over a finite field. We present an attack based on...

In this work, we present efficient public-key encryption schemes resilient against linear related key attacks (RKA) under standard assumptions and in the standard model. Specifically, we obtain encryption schemes based on hardness of factoring, BDDH and LWE that remain secure even against an adversary that may query the decryption oracle on linear shifts of the actual secret key. Moreover, the ...

In this paper, we present a security framework that provides identity protection against active and passive attacks for end-points. The framework is based on a two-round-trip authenticated Diffie-Hellman key exchange protocol that identifies the end-points to each other and creates a security association between the peers. The protocol hides the public key based identifiers from attackers and e...

In this letter we show that the variation of the Cramer-Shoup public-key encryption scheme as introduced in 1] is not secure against an adaptive chosen ciphertext attack. This removes the putative main advantage of the scheme. Introduction: In 1] a new public-key encryption scheme was proposed. It is a (sim