The Full Wiki

MQV: Wikis
  

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

Encyclopedia

Updated live from Wikipedia, last check: May 18, 2013 20:11 UTC (44 seconds ago)

From Wikipedia, the free encyclopedia

MQV (Menezes-Qu-Vanstone) is an authenticated protocol for key agreement based on the Diffie-Hellman scheme. Like other authenticated Diffie-Hellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary finite group, and, in particular, elliptic curve groups, where it is known as elliptic curve MQV (ECMQV).

MQV was initially proposed by Menezes, Qu and Vanstone in 1995. It was modified with Law and Solinas in 1998. There are one-, two- and three-pass variants.

MQV is incorporated in the public-key standard IEEE P1363.

Some variants of MQV are claimed in patents assigned to Certicom [1].

MQV has some weaknesses that were fixed by HMQV in 2005 [2]; see [3], [4], [5] for an alternative viewpoint.

ECMQV has been dropped from the National Security Agency's Suite B set of cryptographic standards.

Both MQV and HMQV have weaknesses, that are fixed in the FHMQV protocol (see [6])

Contents

Description

Alice has a key pair (A,a) with A her public key and a her private key and Bob has the key pair (B,b) with B his public key and b his private key.

Step Operation
1 Alice generate a key pair (X,x) by generating randomly x and calculating X=xP with P a point on an elliptic curve.
2 Bob generate a key pair (Y,y) by the same way than Alice.
3 Now, Alice calculate Sa = x + Xa(mod n). and send X to Bob.
4 Bob calculate Sb = y + Xb(mod n)..
5 Alice calculate K = h * Sa(X + xL) and Bob calculate K = h * Sa(Y + yL) with xL and yL the first L bits of x and y where L = \lceil \frac{(\lceil log_2 n \rceil)+1}{2} \rceil and where h is the cofactor (generally 4 for ECMQV)
6 The communication of secret K was successful

See also

References

  • Burton S. Kaliski Jr., An unknown key-share attack on the MQV key agreement protocol. ACM Trans. Inf. Syst. Secur. 4(3): pp275–288 (2001)
  • Laurie Law, Alfred Menezes, Minghua Qu, Jerry Solinas, Scott A. Vanstone, An Efficient Protocol for Authenticated Key Agreement. Des. Codes Cryptography 28(2): pp119–134 (2003)
  • Peter J. Leadbitter, Nigel P. Smart: Analysis of the Insecurity of ECMQV with Partially Known Nonces. ISC 2003: pp240–251
  • A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995).

External links

 
Public-key cryptography

Standardization: ANS X9F1 | CRYPTREC | IEEE P1363 | NESSIE | NSA Suite B
 
Cryptography

Simple English

MQV (Menezes-Qu-Vanstone) is an authenticated protocol for key agreement based on the Diffie-Hellman scheme. MQV provides protection against an active attacker.

References

  • Burton S. Kaliski Jr., An unknown key-share attack on the MQV key agreement protocol. ACM Trans. Inf. Syst. Secur. 4(3): pp275–288 (2001)
  • Laurie Law, Alfred Menezes, Minghua Qu, Jerry Solinas, Scott A. Vanstone, An Efficient Protocol for Authenticated Key Agreement. Des. Codes Cryptography 28(2): pp119–134 (2003)
  • Peter J. Leadbitter, Nigel P. Smart: Analysis of the Insecurity of ECMQV with Partially Known Nonces. ISC 2003: pp240–251
  • A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995).

Other websites

Retrieved from "http://yak.rapint.com/wiki/MQV"







Got something to say? Make a comment.
Your name
Your email address
Message