The YAK is a public-key authenticated key agreement protocol. It is considered the simplest among the related protocols, including MQV, HMQV, Station-to-Station protocol, SSL/TLS etc. The authentication is based on public key pairs. As with other protocols, YAK normally requires a Public Key Infrastructure to distribute authentic public keys to the communicating parties. The author suggests that YAK may be unencumbered by patent.
Contents
Description
Two parties, Alice and Bob, agree on a group
Alice selects
The above communication can be completed in one round as neither party depends on the other. When it finishes, Alice and Bob verify the received zero-knowledge proofs. Alice then computes
Security properties
Given that the underlying zero knowledge proof primitive is secure, the YAK protocol is proved to fulfill the following properties.
- Private key security – An attacker cannot learn the user's static private key even if he is able to learn all session specific secrets in any compromised session.
- Full forward secrecy – Session keys that were securely established in the past uncorrupted sessions will remain incomputable in the future even when both users' static private keys are disclosed.
- Session key security – An attacker cannot compute the session key if he impersonates a user but has no access to the user's private key.