Universally composable notions of key exchange and secure channels

Ran Canetti, Hugo Krawczyk

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Recently, Canetti and Krawczyk (Eurocrypt’2001) formulated a notion of security for key-exchange (ke) protocols, called SKsecurity, and showed that this notion suffices for constructing secure channels. However, their model and proofs do not suffice for proving more general composability properties of SK-secure ke protocols. We show that while the notion of SK-security is strictly weaker than a fully-idealized notion of key exchange security, it is sufficiently robust for providing secure composition with arbitrary protocols. In particular, SK-security guarantees the security of the key for any application that desires to set-up secret keys between pairs of parties. We also provide new definitions of secure-channels protocols with similarly strong composability properties, and show that SK-security suffices for obtaining these definitions. To obtain these results we use the recently proposed framework of “universally composable (UC) security.” We also use a new tool, called “noninformation oracles,” which will probably find applications beyond the present case. These tools allow us to bridge between seemingly limited indistinguishability-based definitions such as SK-security and more powerful, simulation-based definitions, such as UC security, where general composition theorems can be proven. Furthermore, based on such composition theorems we reduce the analysis of a full-fledged multi-session keyexchange protocol to the (simpler) analysis of individual, stand-alone, key-exchange sessions.

Original languageEnglish
Title of host publicationAdvances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings
EditorsLars R. Knudsen
PublisherSpringer Verlag
Number of pages15
ISBN (Print)9783540435532
StatePublished - 2002
Externally publishedYes
EventInternational Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002 - Amsterdam, Netherlands
Duration: 28 Apr 20022 May 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002


  • Composition of protocols
  • Cryptographic protocols
  • Key exchange
  • Proofs of security


Dive into the research topics of 'Universally composable notions of key exchange and secure channels'. Together they form a unique fingerprint.

Cite this