SIGMA: the SIGn‑and‑MAc approach to authenticated Diffie‑Hellman

E831959

"SIGMA: the SIGn‑and‑MAc approach to authenticated Diffie‑Hellman" is a foundational cryptographic protocol framework that securely combines digital signatures and message authentication codes to provide authenticated key exchange in Diffie‑Hellman–based systems and underlies the design of several widely used Internet security protocols.

Statements (43)

Predicate Object
instanceOf authenticated key exchange protocol
instanceOf cryptographic protocol framework
abbreviationOf SIGn‑and‑MAc
aimsToAvoid identity misbinding attacks
aimsToAvoid key‑control by an adversary
aimsToAvoid unknown key‑share attacks
basedOn Diffie‑Hellman key exchange
category key establishment
category protocol design framework
category public‑key cryptography
component Diffie‑Hellman exponentials exchanged between parties
component MACs keyed with the derived Diffie‑Hellman secret
component digital signatures on protocol data
designedFor Internet security protocols
designGoal clean separation between authentication and key derivation
designGoal efficiency in number of rounds and computations
designGoal support for identity protection of initiator and responder
goal securely combine signatures and MACs in Diffie‑Hellman key exchange
influenced IKEv2
influenced TLS key exchange designs
influenced other authenticated Diffie‑Hellman protocols
notableFeature generic template that can be instantiated with different primitives
notableFeature influential in the theory and practice of AKE protocols
property explicit key confirmation (in suitable instantiations)
property resistance to key‑compromise impersonation (KCI) in standard models
property resistance to man‑in‑the‑middle attacks
property resistance to replay attacks
provides authenticated key exchange
provides forward secrecy
provides identity protection
provides mutual authentication
reliesOn hardness of the Diffie‑Hellman problem
reliesOn security of underlying MAC scheme
reliesOn security of underlying signature scheme
securityModel provable security under standard cryptographic assumptions
structure sign‑then‑MAC design pattern
structure use of MACs over transcript including identities and Diffie‑Hellman values
supports different Diffie‑Hellman groups
supports various authentication methods via signatures
usedIn IPsec key management designs
usedIn Internet Key Exchange protocols
uses digital signatures
uses message authentication codes

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Hugo Krawczyk notableWork SIGMA: the SIGn‑and‑MAc approach to authenticated Diffie‑Hellman