Blake-Wilson,Johnson & Menezes protocol revisited  

作　　者：HUANG Hai CAO ZhenFu 

机构地区：[1]Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200240, China [2]Division of Computer, Zhejiang SciTech University, Xiasha Higher Education Zone, Hangzhou 310018, China

出　　处：《Science China(Information Sciences)》2011年第7期1365-1374,共10页中国科学（信息科学）（英文版）

基　　金：supported in part by the National Natural Science Foundation of China (Grant Nos.60970110,60972034,61033014);the National Basic Research Program of China (Grant No.2007CB311201);Zhejiang Provincial Natural Science Foundation of China (Grant No.Y1110157);Science Foundation of Zhejiang Sci-Tech University (Grant No.1007827-Y)

摘　　要：In this paper, we investigate the famous Blake-Wilson, Johnson ＆ Menezes （BJM） authenticated key exchange protocols. We observe that the BJM model fails to model the adversary＇s capability in the public setting well. We modify the BJM model by providing it with a new Register query and a modified Corrupt query. This way, we bring the BJM model further to practice. Moreover, our modification has a significant impact on the security proof of the BJM protocols. Specifically, the security proofs using CDH assumption will no longer work in the modified BJM model. With some modifications, we show that the BJM protocols are secure in the modified BJM model under the gap Diffie-Hellman assumption （GDH）.In this paper, we investigate the famous Blake-Wilson, Johnson ＆ Menezes （BJM） authenticated key exchange protocols. We observe that the BJM model fails to model the adversary＇s capability in the public setting well. We modify the BJM model by providing it with a new Register query and a modified Corrupt query. This way, we bring the BJM model further to practice. Moreover, our modification has a significant impact on the security proof of the BJM protocols. Specifically, the security proofs using CDH assumption will no longer work in the modified BJM model. With some modifications, we show that the BJM protocols are secure in the modified BJM model under the gap Diffie-Hellman assumption （GDH）.

关 键 词：authenticated key exchange provable security BJM model gap Diffie-Hellman 

分 类 号：TP393[自动化与计算机技术—计算机应用技术] G841[自动化与计算机技术—计算机科学与技术]