3 %%% $Id: wrestlers.tex,v 1.3 2001/06/22 19:41:31 mdw Exp $
5 %%% Description of the Wrestlers Protocol
7 %%% (c) 2001 Mark Wooding
10 %%%----- Revision history ---------------------------------------------------
12 %%% $Log: wrestlers.tex,v $
13 %%% Revision 1.3 2001/06/22 19:41:31 mdw
14 %%% Restart with different structure and rather more formal objectives.
16 %%% Revision 1.2 2001/02/22 09:09:05 mdw
17 %%% Partially through reworking.
19 %%% Revision 1.1 2001/02/16 21:43:33 mdw
20 %%% Initial versions of documentation.
23 \documentclass{article
}
27 \errorcontextlines=
999
30 \title{The Wrestlers Protocol: proof-of-receipt and secure key exchange
}
31 \author{Mark Wooding
\and Clive Jones
}
33 \bibliographystyle{alpha
}
35 \newtheorem{theorem
}{Theorem
}
36 \newenvironment{proof
}[1][Proof
]{%
37 \par\noindent\textbf{#1.
} %
39 \penalty\@M
\hfill\vadjust{}%
40 \penalty\z@
\relax\vadjust{}%
41 \penalty\@M
\hfill$
\square$
%
54 %%%--------------------------------------------------------------------------
56 \section{Introduction
}
57 % Some waffle here about the desirability of a key-exchange protocol that
58 % doesn't leave signatures lying around, followed by an extended report of
59 % the various results.
61 %%%--------------------------------------------------------------------------
63 \section{A simple authentication protocol
}
64 % Present the basic Diffie-Hellman-based authenticator, and prove that an
65 % authentication oracle is useless if the hash function has appropriate
68 Suppose that $G$ is some cyclic group of order $q$, generated by an element
69 $g$, in which the decision Diffie-Hellman problem
\cite{Boneh:
1998:DDP
} is
70 hard. Alice can choose a private key $
1 <
\alpha < q$ and publish her
71 corresponding public key $A = g^
\alpha$. Later, Bob can verify that he's
72 talking to Alice by choosing a random $
1 <
\beta < q$ and sending Alice a
73 \emph{challenge
} $B = g^
\beta$. If she replies with $B^
\alpha$, Bob accepts
74 that he's talking to Alice, otherwise he doesn't.
76 %%%--------------------------------------------------------------------------
78 \section{An MT-authenticator
}
79 % Use the protocol of the previous section as an MT-authenticator, within the
80 % meaning of [Canetti:2001:AKE].
82 %%%--------------------------------------------------------------------------
84 \section{A key-exchange protocol
}
85 % Present the Wrestlers protocol in all its glory. Show, by means of the
86 % previous proofs, that the Wrestlers protocol is simulatable in the
87 % authenticated model using a much simpler protocol. Show that the simpler
88 % protocol is SK-secure.
90 %%%----- That's all, folks --------------------------------------------------
92 \bibliography{cryptography,mdw-crypto
}
97 %%% TeX-master: "wrestlers"