Systematic design of two-party authentication protocols

Ray Bird, Inder Gopal, Amir Herzberg, Phil Janson, Shay Kutten, Refik Molva, Moti Yung

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

67 Scopus citations


We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such ‘solutions’ can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

Original languageEnglish
Title of host publicationAdvances in Cryptology — CRYPTO 1991, Proceedings
EditorsJoan Feigenbaum
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783540551881
StatePublished - 1992
Externally publishedYes
Event11th Confrence on Advances in Cryptology, CRYPTO 1991 - Santa Barbara, United States
Duration: 11 Aug 199115 Aug 1991

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume576 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference11th Confrence on Advances in Cryptology, CRYPTO 1991
Country/TerritoryUnited States
CitySanta Barbara

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1992.


Dive into the research topics of 'Systematic design of two-party authentication protocols'. Together they form a unique fingerprint.

Cite this