An attack is demonstrated on a previously proposed class of key agreement protocols. Analysis of the attack reveals that a small change in the construction of the protocols is sufficient to prevent the attack. The insight gained allows a generalisation of the class to a new design for conference key agreement protocols.

Cryptographic protocols for key establishment normally include some means to allow participants to ensure that a key is new and not replayed from an old protocol run. When the key is generated by a mutually trusted server this is usually achieved by sending with the key a quantity known to be new. A different general method for achieving freshness in this context is proposed. A number of specific example protocols are given which have some practical advantages over previous published protocols.

. This paper presents an attack on Gong's proposed collisionful hash function. The weaknesses of his method are studied and possible solutions are given. Some secure methods that require additional assumptions are also suggested. 1 Introduction Hash functions have been used for producing secure checksums since 1950's. A hash function maps an arbitrary length message into a fixed length message digest, and can be used for message integrity [1, 5, 8]. For this purpose, a sender calculates the message digest of the transmitting message and sends it appended to the message. The receiver verifies the checksum by recalculating it from the received message and comparing it with the received checksum. Another application is for protection against spoofing, where the checksum is protected by a key to thwart any modification by an opponent. This application has recently motivated the new term Keyed Hash Functions [3]. A keyed hash function uses a symmetric key and the checksum can only be calcul...

Current hash chain traversal techniques require that the intermediate links of the hash chain be stored secretly on a trusted storage. This requirement is undesirable in several applications. We propose a new construction of hash chains based on inserting a ‘breakpoint ’ after fixed number of links in the chain. We also propose a method with which the current hash chain traversal techniques can be applied to our construction without any significant changes in the storage and computation requirements and with the added advantage that the intermediate links may be stored on a public and non-trusted storage. We are also able to prove the security of our construction by replacing the hash function with a MAC function. 1

Hash Chains are used extensively in various cryptographic systems such as onetime passwords, server supported signatures, secure address resolution, certificate revocation, micropayments etc. However, currently they suffer from the limitation that they have a finite number of links which when exhausted requires the system to be re-initialized. In this paper, we present a new kind of hash chain which we call a Re-initializable Hash Chain (RHC). A RHC has the property that if its links are exhausted, it can be securely re-initialized in a non-repudiable manner to result in another RHC. This process can be continued indefinitely to give rise to an infinite length hash chain, or more precisely, an infinite number of finite length hash chains tied together. Finally we illustrate how a conventional hash chain (CHC) may be profitable replaced with a RHC in cryptographic systems. 1

. This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions. The weaknesses of the protocol when an old session key is compromised are studied and alternative solutions are given. 1 Introduction Cryptographic hash functions are used for providing security in a wide range of applications [2, 8]. A collision-free hash function uniformly maps an arbitrary length message into a fixed length message digest, so that, finding two distinct messages that produce the same digest is computationally infeasible. This property of hash functions is used to provide data integrity. A typical application of hash functions is to generate a checksum of a message whose integrity needs to be protected. Additionally, one can incorporate a secret key in the hashing process function to provide protection against an active intruder who wishes to modify the message or impersonate the message originator. Such functions ...