MQV

MQV (Menezes–Qu–Vanstone) is an authenticated protocol for key agreement based on the Diffie–Hellman scheme. Like other authenticated Diffie–Hellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary finite group, in particular in elliptic curve groups, where it is known as elliptic curve MQV (ECMQV).

MQV was initially proposed by Menezes, Qu and Vanstone in 1995. It was modified with Law and Solinas in 1998. There are one-, two- and three-pass variants.

MQV is incorporated in the public-key standard IEEE P1363.

Some variants of MQV are claimed in patents assigned to Certicom [1].

MQV has some weaknesses that were fixed by HMQV in 2005 [2]; see [3], [4], [5] for an alternative viewpoint.

ECMQV has been dropped from the National Security Agency's Suite B set of cryptographic standards.

Both MQV and HMQV have weaknesses that are fixed in the FHMQV protocol (see [6]).

Description

Alice has a key pair (A,a), where A is her public key and a is her private key. Bob has the key pair (B,b), where B is his public key and b is his private key.

In what follows, \bar{R} has the following meaning. Let R = (x,y) be a point on an elliptic curve. Then \bar{R} = (x\, \bmod\, 2^L) + 2^L, where L = \left \lceil \frac{\lfloor \log_{2} n \rfloor + 1}{2} \right \rceil and n is the order of the generator point P in use. So \bar{R} are the first L bits of the x coordinate of R.

Step Operation
1 Alice generates a key pair (X,x) by choosing x at random and calculating X = xP, where P is a point on an elliptic curve.
2 Bob generates a key pair (Y,y) in the same way as Alice.
3 Alice calculates S_a = x + \bar{X} a and sends X to Bob.
4 Bob calculates S_b = y + \bar{Y} b and sends Y to Alice.
5 Alice calculates K = h \cdot S_a (Y + \bar{Y}B) and Bob calculates K = h \cdot S_b (X + \bar{X}A), where h is the cofactor (see Elliptic curve cryptography, Domain parameters).
6 Both parties now hold the shared secret K. A key for a symmetric-key algorithm can be derived from K.

Note: for the algorithm to be secure, some checks have to be performed. See Hankerson et al.

Correctness

Bob calculates: K = h \cdot S_b (X + \bar{X}A) = h \cdot S_b (xP + \bar{X}aP) = h \cdot S_b (x + \bar{X}a)P = h \cdot S_b S_a P.

Alice calculates: K = h \cdot S_a (Y + \bar{Y}B) = h \cdot S_a (yP + \bar{Y}bP) = h \cdot S_a (y + \bar{Y}b)P = h \cdot S_b S_a P.

So the keys K are indeed the same, with K = h \cdot S_b S_a P.
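The steps in the Description and the equality shown under Correctness, as an added Python example that is not part of the original article or of any MQV implementation. It assumes the secp256k1 curve (h = 1), reduces S_a and S_b modulo n, and takes the checks mentioned in the note to be public-key validation and rejection of the point at infinity; all function names are hypothetical.

```python
import secrets

# Assumed domain parameters: secp256k1, y^2 = x^3 + 7 over F_p, cofactor h = 1.
p, h = 2**256 - 2**32 - 977, 1
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
L = (n.bit_length() + 1) // 2   # ceil((floor(log2 n) + 1) / 2) = 128

def add(Q, R):  # affine addition; None is the point at infinity
    if Q is None or R is None:
        return Q or R
    (x1, y1), (x2, y2) = Q, R
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if Q == R else (y2 - y1, x2 - x1)
    m = num * pow(den % p, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return x3, (m * (x1 - x3) - y1) % p

def mul(k, Q):  # double-and-add; not constant time, for illustration only
    R = None
    while k:
        if k & 1:
            R = add(R, Q)
        Q, k = add(Q, Q), k >> 1
    return R

def on_curve(Q):  # validation: not infinity, coordinates in range, on the curve
    return (Q is not None and all(0 <= c < p for c in Q)
            and (Q[1] ** 2 - Q[0] ** 3 - 7) % p == 0)
def bar(R):  # (x mod 2^L) + 2^L
    return (R[0] % 2**L) + 2**L

def keygen():  # private scalar in [1, n-1] and matching public point
    k = secrets.randbelow(n - 1) + 1
    return k, mul(k, P)

def mqv_secret(static_priv, eph_priv, eph_pub, peer_static, peer_eph):
    if not (on_curve(peer_static) and on_curve(peer_eph)):
        raise ValueError("peer public key failed validation")
    S = (eph_priv + bar(eph_pub) * static_priv) % n   # S_a or S_b, reduced mod n
    K = mul(h * S, add(peer_eph, mul(bar(peer_eph), peer_static)))
    if K is None:
        raise ValueError("shared point is the point at infinity")
    return K

def run_exchange():  # steps 1-5 for Alice (a, x) and Bob (b, y)
    (a, A), (b, B), (x, X), (y, Y) = keygen(), keygen(), keygen(), keygen()
    return mqv_secret(a, x, X, B, Y), mqv_secret(b, y, Y, A, X)
```

Reducing S modulo n does not change K, because every point involved has order n.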

References

  • Burton S. Kaliski Jr., An unknown key-share attack on the MQV key agreement protocol. ACM Trans. Inf. Syst. Secur. 4(3): pp. 275–288 (2001)
  • Laurie Law, Alfred Menezes, Minghua Qu, Jerry Solinas, Scott A. Vanstone, An Efficient Protocol for Authenticated Key Agreement. Des. Codes Cryptography 28(2): pp. 119–134 (2003)
  • Peter J. Leadbitter, Nigel P. Smart: Analysis of the Insecurity of ECMQV with Partially Known Nonces. ISC 2003: pp. 240–251
  • A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995).
  • D. Hankerson, A. Menezes, and S.A. Vanstone, Guide to Elliptic Curve Cryptography, Springer-Verlag, 2004.

Wikimedia Foundation. 2010.