Construction and security analysis of 0-RTT Protocols / Kai Gellert, M. Sc. Wuppertal, March 24, 2020
Inhalt
- Abstract
- Acronyms
- Introduction
- Preliminaries
- Notation
- Provable Security
- Cryptographic Building Blocks
- Cryptographic Hash Functions
- Pseudorandom Generators
- Pseudorandom Functions
- Symmetric Encryption
- Key Encapsulation Mechanisms
- Digital Signatures
- Complexity Assumptions
- The Random Oracle Model
- A Modern View on Forward Security
- Motivation
- The Traditional View
- Forward Security as Generalization
- Forward Security in a Non-Interactive Setting
- Classifying Forward Security
- Conclusion and Open Problems
- 0-RTT Key Exchange Protocols
- Bloom Filter Key Encapsulation Mechanisms
- Motivation
- Bloom Filters and Their Properties
- Bloom Filter Key Encapsulation Mechanisms
- Bloom Filter Encryption from Identity-based Broadcast Encryption
- Building Blocks
- Construction
- Security against Chosen-Plaintext Adversaries
- Security against Chosen-Ciphertext Adversaries
- Instantiation and Comparison
- Conclusion and Open Problems
- Non-Interactive Forward-Secure Single-Pass Circuit Construction
- 0-RTT Session Resumption Protocols
- 0-RTT Session Resumption with Forward Security
- Motivation
- 0-RTT Session Resumption Protocols and Their Security
- Constructing Secure Session Resumption Protocols
- A PPRF with Short Secret Keys from Strong RSA
- Tree-based PPRFs
- Conclusion and Open Problems
- TLS 1.3 0-RTT with Absolute Forward Security
- Motivation
- Hash-based Key Derivation
- Multi-Stage Key Exchange
- Protocol Composition
- Security Analysis
- Conclusion and Open Problems
- Conclusion
- Bibliography
- Glossary of Terms Qualifying Forward Secrecy and Forward Security
- Feasibility of Message Suppression Attacks in SP:GreMie15
- IBBE with Constant Size Ciphertexts and Secret Keys
- Detailed Description of TLS 1.3 Protocol Values