Reading the Crypto Classics

Canetti and Krawczyk: "Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels" (EUROCRYPT 2001)

2022/08/09 10:00-11:00

Moderator: Olga Sanina (TU Darmstadt, Cryptoplexity Group) | Location: online

Organizer: , TU Darmstadt, Cryptography and Information Security Group


This talk is the fourth one in the seminar series “Reading the Crypto Classics” for the very special summer term 2022. The idea of this seminar is to jointly read classical milestone papers in the area of cryptography, to discuss their impact and understand their relevance for current research areas. The seminar is running as an Oberseminar, but at the same time meant to be a joint reading group seminar of the CROSSING Special Interest Group on Advanced Cryptography with all interested CROSSING members being invited to participate.

This issue will cover the paper/talk

Canetti and Krawczyk: “Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels” (EUROCRYPT 2001) available at (opens in new tab)

with the following abstract:

“We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links.

We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.”

Further information on the virtual format

For participation the following meeting link is required:

More information