Refining Authenticated Key Agreement with Strong Adversaries

Joseph Lallemand 📧 and Christoph Sprenger 📧

January 31, 2017

This is a development version of this entry. It might change over time and is not stable. Please refer to release versions for citations.


We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.


GNU Lesser General Public License (LGPL)


Session Key_Agreement_Strong_Adversaries