| Abstrakt: |
We examine the recently introduced CF and CF-perfect forward secrecy (PFS) models for two-message authenticated key exchange (TMAKE) by Cremers et al., where the difference between CF and CF-PFS model is that the CF formulates the weak PFS (wPFS), whereas the CF-PFS formulates the PFS. The CF model is claimed by Cremers et al. to be strictly stronger the previous extended Canetti-Krawczyk (eCK) model. However, we notice that the implication relations among CF, CF-PFS, eCK and eCK-PFS model have not been completely studied. Based on TMAKE, we particularly show that CF model and eCK model imply each other under random oracle model. Moreover, we provide a new result on the generic security strengthening transformation (compiler) for building CF-PFS-secure TMAKE protocols. In contrast to a previous work, we show that it is possible to apply the transformation to all CF-secure AKE protocols including all eCK-secure TMAKE protocols in the random oracle model, without restricting to a small specific class of Diffie-Hellman key based protocols. [ABSTRACT FROM AUTHOR] |
