Secret handshakes from pairing-based key agreements

Consider a CIA agent who wants to authenticate herself to
a server, but does not want to reveal her CIA credentials unless the server is
a genuine CIA outlet. Consider also that the CIA server does not want to reveal
its CIA credentials to anyone but CIA agents -- not
even to other CIA servers.
In this paper we first show how pairing-based cryptography
can be used to implement such secret handshakes. We then propose a
formal definition for secure secret handshakes, and prove that our pairing-based
schemes are secure under the Bilinear Diffie-Hellman
assumption. Our protocols support role-based group membership authentication,
traceability, indistinguishability to eavesdroppers, unbounded
collusion resistance, and forward repudiability.
Our secret-handshake scheme can be implemented as a TLS
cipher suite. We report on the performance of our preliminary Java
implementation.