74eb47db |
1 | %%% -*-latex-*- |
2 | %%% |
90d03a85 |
3 | %%% $Id: wrestlers.tex,v 1.3 2001/06/22 19:41:31 mdw Exp $ |
74eb47db |
4 | %%% |
5 | %%% Description of the Wrestlers Protocol |
6 | %%% |
7 | %%% (c) 2001 Mark Wooding |
8 | %%% |
9 | |
10 | %%%----- Revision history --------------------------------------------------- |
11 | %%% |
12 | %%% $Log: wrestlers.tex,v $ |
90d03a85 |
13 | %%% Revision 1.3 2001/06/22 19:41:31 mdw |
14 | %%% Restart with different structure and rather more formal objectives. |
15 | %%% |
874aed51 |
16 | %%% Revision 1.2 2001/02/22 09:09:05 mdw |
17 | %%% Partially through reworking. |
18 | %%% |
74eb47db |
19 | %%% Revision 1.1 2001/02/16 21:43:33 mdw |
20 | %%% Initial versions of documentation. |
21 | %%% |
22 | |
23 | \documentclass{article} |
24 | \usepackage{amssymb} |
90d03a85 |
25 | \usepackage{amstext} |
74eb47db |
26 | |
90d03a85 |
27 | \errorcontextlines=999 |
28 | \makeatletter |
74eb47db |
29 | |
90d03a85 |
30 | \title{The Wrestlers Protocol: proof-of-receipt and secure key exchange} |
31 | \author{Mark Wooding \and Clive Jones} |
74eb47db |
32 | |
90d03a85 |
33 | \bibliographystyle{alpha} |
74eb47db |
34 | |
90d03a85 |
35 | \newtheorem{theorem}{Theorem} |
36 | \newenvironment{proof}[1][Proof]{% |
37 | \par\noindent\textbf{#1.} % |
38 | }{% |
39 | \penalty\@M\hfill\vadjust{}% |
40 | \penalty\z@\relax\vadjust{}% |
41 | \penalty\@M\hfill$\square$% |
42 | \par% |
43 | } |
74eb47db |
44 | |
90d03a85 |
45 | \begin{document} |
74eb47db |
46 | |
90d03a85 |
47 | \maketitle |
48 | \begin{abstract} |
49 | Fill this in later. |
50 | \end{abstract} |
51 | \tableofcontents |
52 | \newpage |
74eb47db |
53 | |
90d03a85 |
54 | %%%-------------------------------------------------------------------------- |
74eb47db |
55 | |
90d03a85 |
56 | \section{Introduction} |
57 | % Some waffle here about the desirability of a key-exchange protocol that |
58 | % doesn't leave signatures lying around, followed by an extended report of |
59 | % the various results. |
74eb47db |
60 | |
90d03a85 |
61 | %%%-------------------------------------------------------------------------- |
74eb47db |
62 | |
63 | \section{A simple authentication protocol} |
90d03a85 |
64 | % Present the basic Diffie-Hellman-based authenticator, and prove that an |
65 | % authentication oracle is useless if the hash function has appropriate |
66 | % properties. |
74eb47db |
67 | |
90d03a85 |
68 | Suppose that $G$ is some cyclic group of order $q$, generated by an element |
69 | $g$, in which the decision Diffie-Hellman problem \cite{Boneh:1998:DDP} is |
70 | hard. Alice can choose a private key $1 < \alpha < q$ and publish her |
71 | corresponding public key $A = g^\alpha$. Later, Bob can verify that he's |
72 | talking to Alice by choosing a random $1 < \beta < q$ and sending Alice a |
73 | \emph{challenge} $B = g^\beta$. If she replies with $B^\alpha$, Bob accepts |
74 | that he's talking to Alice, otherwise he doesn't. |
874aed51 |
75 | |
90d03a85 |
76 | %%%-------------------------------------------------------------------------- |
874aed51 |
77 | |
90d03a85 |
78 | \section{An MT-authenticator} |
79 | % Use the protocol of the previous section as an MT-authenticator, within the |
80 | % meaning of [Canetti:2001:AKE]. |
74eb47db |
81 | |
90d03a85 |
82 | %%%-------------------------------------------------------------------------- |
74eb47db |
83 | |
90d03a85 |
84 | \section{A key-exchange protocol} |
85 | % Present the Wrestlers protocol in all its glory. Show, by means of the |
86 | % previous proofs, that the Wrestlers protocol is simulatable in the |
87 | % authenticated model using a much simpler protocol. Show that the simpler |
88 | % protocol is SK-secure. |
74eb47db |
89 | |
90 | %%%----- That's all, folks -------------------------------------------------- |
91 | |
90d03a85 |
92 | \bibliography{cryptography,mdw-crypto} |
74eb47db |
93 | \end{document} |
94 | |
95 | %%% Local Variables: |
96 | %%% mode: latex |
97 | %%% TeX-master: "wrestlers" |
98 | %%% End: |