On the tight security of the Transport Layer Security (TLS) Protocol Version 1.3 / Denis Diemert, M.Sc. Wuppertal, January 18, 2023
Inhalt
- Acknowledgements
- Abstract
- Zusammenfassung
- Acronyms
- Introduction
- (Brief) History of TLS
- Provable Security
- Previous Analyses of TLS 1.3 and their Tightness
- Contributions of this Work
- Difficulty of Tightly-secure AKE and Signatures in the Multi-user Setting
- Further Related Work
- Outline of this Thesis
- Preliminaries
- Notation
- Computational Problems
- Discrete Logarithm Problem
- Computational Diffie–Hellman Problem
- Decisional Diffie–Hellman Problem
- Strong Diffie–Hellman Problem
- Cryptographic Building Blocks
- On the Tightness of the TLS 1.3 Handshake Protocol
- Multi-stage Key Exchange Protocols
- Transport Layer Security Handshake Protocol
- HMAC and HKDF
- Omitted Features of TLS
- Notation
- TLS 1.3 Full (EC)DHE Handshake
- TLS 1.3 PSK-only/PSK-(EC)DHE Handshake
- Abstracting the TLS Key Schedule
- Introduction
- Abstracted Key Schedule
- Indifferentiability
- Proving the TLS 1.3 Key Schedule Indifferentiable
- Defining the Domains DTh and DCh
- Discussion
- Modularizing Handshake Encryption
- Tight Security of the TLS Full Handshake
- Introduction
- TLS 1.3 Full (EC)DHE Handshake as an MSKE Protocol
- Tight Security of the TLS 1.3 Full (EC)DHE Handshake
- Discussion
- Tight Security of the TLS-PSK Handshakes
- On the Tightness of the TLS 1.3 Record Protocol
- More Efficient Digital Signatures with Tight Multi-User Security
- Conclusion