View article

For two parties to communicate securely over an insecure channel, they must be able to authenticate one another and establish a common session key. We propose a new secure one-pass authenticated key establishment protocol which is well suited to one-way communication channels. The protocol is examined using an extension of the Bellare-Rogaway model proposed by Blake-Wilson et. al., and is shown to be provably secure, in the sense that defeating the protocol is equivalent to solving a CDH problem. We compare our protocol to existing approaches, in terms of security and efficiency. To the best of our knowledge, ours is the only one-pass protocol that resists general key-compromise impersonation attacks, and avoids certain vulnerabilities to loss of information attacks found in other protocols of its class.