homeresources & publications › secret handshakes from pairing-based key agreements


Secret handshakes from pairing-based key agreements


Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In this paper we first show how pairing-based cryptography can be used to implement such secret handshakes. We then propose a formal definition for secure secret handshakes and prove that our pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption. Our protocols support role-based group membership authentication, traceability, indistinguishability to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secret-handshake scheme can be implemented as a TLS cipher suite. We report on the performance of our preliminary Java implementation.


Balfanz, D. ; Durfee, G. E. ; Shankar, N.; Smetters, D. K. ; Staddon, J. ; Wong, H. C. Secret handshakes from pairing-based key agreements. Proceedings of 2003 Symposium on Security and Privacy; 2003 May 11-14; Oakland; CA; USA. Piscataway NJ: IEEE; 2003; 180-196.