Cryptography algorithm standards play a key role both to the practice of information security and to cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, in short) are a family of (implicitly authenticated) Diffie-Hellman key
-exchange (DHKE) protocols that are widely standardized and deployed. In this work, from some new perspectives and approaches and under some new design rationales and insights, we develop a new family of practical implicitly authenticated DHKE protocols, which enjoy notable performance among security, privacy, efficiency and easy deployment. We make detailed comparisons between our new DHKE protocols and (H)MQV, showing that the newly developed protocols outperform HMQV in most aspects. Along the way, guided by our new design rationales, we also identify a new vulnerability (H)MQV, which brings some new perspectives (e.g., computational fairness) to the literature.
Concurrent non-malleability (CNM) is central for cryptographic protocols running concurrently in environments such as the Internet. In this work, we formulate CNM in the bare public-key (BPK) model, and show that round-efficient concurrent non-mallea
ble cryptography with full adaptive input selection can be established, in general, with bare public-keys (where, in particular, no trusted assumption is made). Along the way, we clarify the various subtleties of adaptive concurrent non-malleability in the bare public-key model.
Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about th
e internal state of protocol players without ever looking at this supposedly secret state. However, when transactions are concurrent (e.g., over the Internet) with players possessing public-keys (as is common in cryptography), assuring that entities ``know what they claim to know, where adversaries may be well coordinated across different transactions, turns out to be much more subtle and in need of re-examination. Here, we investigate how to formally treat knowledge possession by parties (with registered public-keys) interacting over the Internet. Stated more technically, we look into the relative power of the notion of ``concurrent knowledge-extraction (CKE) in the concurrent zero-knowledge (CZK) bare public-key (BPK) model.
