On the tight security of the Transport Layer Security (TLS) Protocol Version 1.3 / Denis Diemert, M.Sc. Wuppertal, January 18, 2023
Content
Acknowledgements
Abstract
Zusammenfassung
Acronyms
Introduction
(Brief) History of TLS
Provable Security
Previous Analyses of TLS 1.3 and their Tightness
Contributions of this Work
Difficulty of Tightly-secure AKE and Signatures in the Multi-user Setting
Further Related Work
Outline of this Thesis
Preliminaries
Notation
Computational Problems
Discrete Logarithm Problem
Computational Diffie–Hellman Problem
Decisional Diffie–Hellman Problem
Strong Diffie–Hellman Problem
Cryptographic Building Blocks
On the Tightness of the TLS 1.3 Handshake Protocol
Multi-stage Key Exchange Protocols
Transport Layer Security Handshake Protocol
HMAC and HKDF
Omitted Features of TLS
Notation
TLS 1.3 Full (EC)DHE Handshake
TLS 1.3 PSK-only/PSK-(EC)DHE Handshake
Abstracting the TLS Key Schedule
Introduction
Abstracted Key Schedule
Indifferentiability
Proving the TLS 1.3 Key Schedule Indifferentiable
Defining the Domains D_Th and D_Ch
Discussion
Modularizing Handshake Encryption
Tight Security of the TLS Full Handshake
Introduction
TLS 1.3 Full (EC)DHE Handshake as an MSKE Protocol
Tight Security of the TLS 1.3 Full (EC)DHE Handshake
Discussion
Tight Security of the TLS-PSK Handshakes
On the Tightness of the TLS 1.3 Record Protocol
More Efficient Digital Signatures with Tight Multi-User Security
Conclusion