@INPROCEEDINGS{7958615,
author={R. {Küsters} and D. {Rausch}},
booktitle={2017 IEEE Symposium on Security and Privacy (SP)},
title={A Framework for Universally Composable Diffie-Hellman Key Exchange},
year={2017},
volume={},
number={},
pages={881-900},
keywords={cryptographic protocols;security of data;universal composability;Diffie-Hellman key exchange;DH key exchange;key exchange protocols;protocols building;protocol security;cryptographic primitives;ISO 9798-3;SIGMA;OPTLS;Protocols;Computational modeling;DH-HEMTs;Standards;Encryption;protocol security;universal composability;Diffie-Hellman key exchange;reduction proofs;IITM model},
doi={10.1109/SP.2017.63},
ISSN={2375-1207},
month={May},
}
The analysis of real-world protocols, in particular key exchange protocols and protocols building on these protocols, is a very complex, error-prone, and tedious task. Besides the complexity of the protocols itself, one important reason for this is that the security of the protocols has to be reduced to the security of the underlying cryptographic primitives for every protocol time and again. We would therefore like to get rid of reduction proofs for real-world key exchange protocols as much as possible and in many cases altogether, also for higher-level protocols which use the exchanged keys. So far some first steps have been taken in this direction. But existing work is still quite limited, and, for example, does not support Diffie-Hellman (DH) key exchange, a prevalent cryptographic primitive for real-world protocols. In this paper, building on work by Kusters and Tuengerthal, we provide an ideal functionality in the universal composability setting which supports several common cryptographic primitives, including DH key exchange. This functionality helps to avoid reduction proofs in the analysis of real-world protocols and often eliminates them completely. We also propose a new general ideal key exchange functionality which allows higherlevel protocols to use exchanged keys in an ideal way. As a proof of concept, we apply our framework to three practical DH key exchange protocols, namely ISO 9798-3, SIGMA, and OPTLS.