Exchanging a key: how hard can it be?

14 June 2016
Cas Cremers
During the last thirty years, there have been many advances in the development of protocols for
authenticated key exchange. Although signature-based variants of Diffie-Hellman have been
known since the start of this development, dozens of new (two message) protocols are still proposed each
year. In this talk, we present some of the recent history of security definitions for Authenticated Key
Exchange, their many relatives, and discuss strengths and weaknesses. We motivate why there
has been little convergence in terms of protocols or security definitions. I will also present some of our 
recent work in this domain, including new stronger security definitions, and how to achieve them.
  • Cryptography Seminar