Modular invariant theory: Difference between revisions

Revision as of 19:46, 21 March 2013

The YAK is a public-key authenticated key agreement protocol.^[1] It is considered the simplest among the related protocols, including MQV, HMQV, Station-to-Station protocol, SSL/TLS etc. The authentication is based on public key pairs. As with other protocols, YAK normally requires a Public Key Infrastructure to distribute authentic public keys to the communicating parties. The author suggests that YAK may be unencumbered by patent.

Description

Two parties, Alice and Bob, agree on a group $G$ with generator $g$ of prime order $q$ in which the discrete log problem is hard. Typically a Schnorr group is used. In general, YAK can use any prime order group that is suitable for public key cryptography, including elliptic curve cryptography. Let $g^{a}$ be Alice's long-term public key and $g^{b}$ be Bob's. The protocol executes in one round.

One round: Alice selects $x \in_{R} [0, q - 1]$ and sends out $g^{x}$ together with a zero-knowledge proof (using for example Schnorr signature) for the proof of the exponent $x$ . Similarly, Bob selects $y \in_{R} [0, q - 1]$ and sends out $g^{y}$ together with a zero-knowledge proof for the proof of the exponent $y$ .

The above communication can be completed in one round as neither party depends on the other. When it finishes, Alice and Bob verify the received zero-knowledge proofs. Alice then computes $K = (g^{y} g^{b})^{x + a} = g^{(x + a) (y + b)}$ . Similarly, Bob computes $K = (g^{x} g^{a})^{y + b} = g^{(x + a) (y + b)}$ . With the same keying material $K$ , Alice and Bob can derive a session key using a cryptographic hash function: $κ = H (K)$ .

Security properties

Given that the underlying zero knowledge proof primitive is secure, the YAK protocol is proved to fulfill the following properties.

Private key security - An attacker cannot learn the user's static private key even if he is able to learn all session specific secrets in any compromised session.
Full forward secrecy - Session keys that were securely established in the past uncorrupted sessions will remain incomputable in the future even when both users' static private keys are disclosed.
Session key security - An attacker cannot compute the session key if he impersonates a user but has no access to the user's private key.

References

↑ F. Hao, On Robust Key Agreement Based on Public Key Authentication. Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Spain, LNCS 6052, pp. 383-390, Jan, 2010.

External links

On Robust Key Agreement Based on Public Key Authentication (Full Paper)

[1] F. Hao, On Robust Key Agreement Based on Public Key Authentication. Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Spain, LNCS 6052, pp. 383-390, Jan, 2010.

[1]

@@ Line 1: / Line 1: @@
-Planning a financial budget for various expenses just before touring may help a single not overspend throughout holiday.<br>Using a price range already outlined  [http://tinyurl.com/kecvhhb discount ugg boots] can keep one more mindful of their spending. The improved interest on not exceeding your budget prevents stressful and frustrating situations such as bouncing a check out from developing. Plus it will offer yet another satisfaction. Children make use of getting their particular personal case when traveling.<br><br>A tiny backpack is fine and also the more option they already have with what to place with it the greater number of amused they will be about the journey. Usually take pencils, document, and crayons. Tuck in a road map of your destination, maybe a handheld video game, a pair of ear mobile phones, and a snack food or way too.<br>One more crucial inclusion during these luggage is really a bundle of infant baby wipes. Use some different merchants from your exact same niche, based upon the things you like. Offering your online visitors three or four different ad banners to click on gives them choices in potential destinations to pick from.<br><br>This can provide you with valuable information concerning which service provider functions the most effective up against the other individuals. A travel price range can be worked out to be able to save for any trip every year. You will take a particular quantity from the spend every single paycheck and set it into an account designated for traveling.<br><br>These funds will enable you to pay for vacation connected expenses every year, as well as your remain, gas or plane tickets, and spending money. Prevent receiving bumped while you are employing an aircraft traveling. Initially, make sure to have an sophisticated seating project.<br><br>With seat duties, you just get knocked should you be late. Up coming, you should check-in on the web. You can do this 20 or so-a number of several hours before your leaving and this will assist save you a seating. Last, usually do not be past due. Don't retract your clothes once you pack - roll them.<br><br>Moving your clothes into restricted cylinders is a lot more area successful when packing a suitcase. It is possible to put much more things in your  [http://tinyurl.com/kecvhhb http://tinyurl.com/kecvhhb] luggage, which is extremely important now that airlines charge large service fees for every travelling bag checked out.<br>When preparing for the vacation use space administration methods that make best use of your baggage space. For instance, consider rolling your apparel products as an alternative to foldable them. This may minimize  [http://tinyurl.com/kecvhhb discount ugg boots] lines and wrinkles to make additional place so you can fit more products in every piece of suitcases.<br><br>Make sure to guide your air travel as significantly beforehand as is possible. Like that, you can be assured  [http://tinyurl.com/kecvhhb discount ugg boots] that this airline flight of your liking won't be out of stock. Also, in the event you reserve a flight far ample upfront, you are able to select your own personal seat.<br><br>The pickings are much better when you book your airline flight earlier. It will save you amount of time in the protection series by purchasing a precise Protection Move. Many huge international airports, and a few smaller sized one particular, are selling this high-tech pass to pre-screened tourists.<br><br>The initial cost can save a vacationer time put in stability lines along with the pressure linked to the standard verification process. Make sure you crunch  [http://tinyurl.com/kecvhhb ugg boots sale] amounts when getting ready to purchase a car rental. Whether or not the vacation is really a bit bit less than a 7 days, the every week price may still be unbelievably reduced.<br>So, it can be proposed that you proceed to hire the car employing that level and then turn it pokoje Szczyrk during the early. If going with an infant, you may use their diaper bag being a have-on also. It's not simply fantastic for all your infant gear, but it is a great way to package your belongings.<br><br>Most of these hand bags are typically significantly less apt to be particular for theft.  You may also have squander luggage in these that are great for kids and also for use if you are not at a bathroom that will flush. In case you have issues remembering all the [http://search.un.org/search?ie=utf8&site=un_org&output=xml_no_dtd&client=UN_Website_en&num=10&lr=lang_en&proxystylesheet=UN_Website_en&oe=utf8&q=excellent&Submit=Go excellent] foods you experienced while on a trip, utilize the coasters and napkins with the eating places to file your expertise.<br><br>Write down everything you ate and everything you considered the dinner then go ahead and take coaster or napkin along. It is going to look good with your journey scrapbook. If one makes just as much planning since you can for the getaway, and also you comply with practical advice (and some  notes or possibly a task list may be indispensible) there's absolutely no reason reasons why you can't stay away from most of the anxiety that lots of individuals provide upon themselves when you are traveling.<br><br>Be going to take pleasure in your upcoming traveling encounter, and work in the guidance you've study in this article.
+The '''YAK''' is a public-key authenticated [[key agreement protocol]].<ref>F. Hao, [http://sites.google.com/site/haofeng662/YAK-short-final.pdf On Robust Key Agreement Based on Public Key Authentication]. ''Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Spain, LNCS 6052, pp. 383-390, Jan, 2010.</ref> It is considered the simplest among the related protocols, including [[MQV]], HMQV, [[Station-to-Station protocol]], [[Secure Sockets Layer|SSL]]/[[Transport Layer Security|TLS]] etc. The authentication is based on public key pairs. As with other protocols, YAK normally requires a [[Public Key Infrastructure]] to distribute authentic public keys to the communicating parties. The author suggests that YAK may be unencumbered by patent.
+==Description==
+Two parties, Alice and Bob, agree on a group <math>G</math> with generator <math>g</math> of prime order <math>q</math> in
+which the discrete log problem is hard. Typically a [[Schnorr group]] is used. In general, YAK can use any prime order group
+that is suitable for public key cryptography, including [[elliptic curve cryptography]]. Let <math>g^a</math> be Alice's long-term public key and <math>g^b</math> be Bob's. The protocol executes in one round.
+'''One round''': Alice selects <math>x \in_R [0, q-1]</math> and sends out <math>g^x</math> together with a [[zero-knowledge proof]] (using for example [[Schnorr signature]]) for the proof of the exponent <math>x</math>. Similarly, Bob selects <math>y \in_R [0, q-1]</math> and sends out <math>g^{y}</math> together with a [[zero-knowledge proof]] for the proof of the exponent <math>y</math>.
+The above communication can be completed in one round as neither party depends on the other. When it finishes, Alice and Bob verify the received [[zero-knowledge proofs]]. Alice then computes <math>K = (g^{y} g^{b}) ^ {x + a}= g^{(x + a) (y + b)}</math>. Similarly, Bob computes <math>K = (g^{x} g^{a}) ^ {y + b} = g^{(x + a) (y + b)}</math>. With the same keying material <math>K</math>, Alice and Bob can derive a session key using a [[cryptographic hash function]]: <math>\kappa = H(K)</math>.
+==Security properties==
+Given that the underlying [[Non-interactive zero-knowledge proof|zero knowledge proof]] primitive is secure, the YAK protocol is proved to fulfill the following properties.
+# '''Private key security''' - An attacker cannot learn the user's static private key even if he is able to learn all session specific secrets in any compromised session.
+# '''Full forward secrecy''' - Session keys that were securely established in the past uncorrupted sessions will remain incomputable in the future even when both users' static private keys are disclosed.
+# '''Session key security''' - An attacker cannot compute the session key if he impersonates a user but has no access to the user's private key.
+==References==
+<references/>
+==External links==
+* [http://eprint.iacr.org/2010/136.pdf On Robust Key Agreement Based on Public Key Authentication (Full Paper)]
+[[Category:Cryptography]]
+[[Category:Cryptographic protocols]]

Modular invariant theory: Difference between revisions

Revision as of 19:46, 21 March 2013

Contents

Description

Security properties

References

External links

Navigation menu

Modular invariant theory: Difference between revisions

Revision as of 19:46, 21 March 2013

Description

Security properties

References

External links

Navigation menu

Search