Credential authenticated identification and key exchange

Jan Camenisch, Nathalie Casati, Thomas Gross, Victor Shoup

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This paper initiates a study of two-party identification and key-exchange protocols in which users authenticate themselves by proving possession of credentials satisfying arbitrary policies, instead of using the more traditional mechanism of a public-key infrastructure. Definitions in the universal composability framework are given, and practical protocols satisfying these definitions, for policies of practical interest, are presented. All protocols are analyzed in the common reference string model, assuming adaptive corruptions with erasures, and no random oracles. The new security notion includes password-authenticated key exchange as a special case, and new, practical protocols for this problem are presented as well, including the first such protocol that provides resilience against server compromise (without random oracles).

Original languageEnglish (US)
Title of host publicationAdvances in Cryptology - CRYPTO 2010 - 30th Annual Cryptology Conference, Proceedings
Number of pages22
StatePublished - 2010
Event30th Annual International Cryptology Conference, CRYPTO 2010 - Santa Barbara, CA, United States
Duration: Aug 15 2010Aug 19 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6223 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other30th Annual International Cryptology Conference, CRYPTO 2010
Country/TerritoryUnited States
CitySanta Barbara, CA

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Credential authenticated identification and key exchange'. Together they form a unique fingerprint.

Cite this