### Table 1. Conjectured security attributes for one-round key agreement protocols

2007

### Table 1. Conjectured security attributes for one-round key agreement protocols

2007

### Table 1. Proposed two-party authenticated key agreement protocol.

"... In PAGE 5: ... Then, advantageE(k) = Pr[GoodGuessE(k)] 1 2 is negligible3. In the following we will show that the protocol described in Table1 is a secure OPAK protocol. 2 Intuitively, two oracles are said to have matching conversations if one of them is the initiator of an exchange of messages, and the messages sent by each of the two are identical to those received by the other, and are in the same temporal order.... In PAGE 6: ... Theorem 1. The protocol shown in Table1 is a secure OPAK protocol, provided that the CDH problem is computationally hard and H1, H2 are independent random oracles. Proof: See Appendix.... ..."

### Table 2: Comparable strengths Bits of security Symmetric key

2003

"... In PAGE 38: ... Additional Comments All NIST-recommended curves, key and modulus sizes must be tested to be used in a FIPS Approved mode of operation. For NIST-Recommended elliptic curves, the value of f is commonly considered to be the size of the private key ( Table2 , NIST SP 800-57). From this value the strength can be determined.... In PAGE 65: ...6.1, Comparable Algorithm Strength, contains Table2 , which provides comparable security strengths for the Approved algorithms. Table 2: Comparable strengths Bits of security Symmetric key ... In PAGE 65: ... A 256- bit AES key transport key could be used to wrap a 256-bit AES key. For key strengths not listed in Table2 above, the correspondence between the length of an RSA or a Diffie- Hellman key and the length of a symmetric key of an identical strength can be computed as: If the length of an RSA key L (this is the value of k in the fourth column of Table 2 above), then the length x of a symmetric key of approximately the same strength can be computed as: NIST CMVP Page 65 of 86 ... In PAGE 65: ... A 256- bit AES key transport key could be used to wrap a 256-bit AES key. For key strengths not listed in Table 2 above, the correspondence between the length of an RSA or a Diffie- Hellman key and the length of a symmetric key of an identical strength can be computed as: If the length of an RSA key L (this is the value of k in the fourth column of Table2 above), then the length x of a symmetric key of approximately the same strength can be computed as: NIST CMVP Page 65 of 86 ... ..."

### Table 2. Performance comparison of one-round key agreement protocols

2007

"... In PAGE 6: ...The computational efiort required by each principal in the above protocols is reported in Table2 . Column one counts the number of exponentiations while column two shows the number of fleld multiplications.... ..."

### Table 2. Performance comparison of one-round key agreement protocols

2007

"... In PAGE 6: ...The computational effort required by each principal in the above protocols is reported in Table2 . Column one counts the number of exponentiations while column two shows the number of field multiplications.... ..."

### Table 1. Summaries of certificate-based tripartite key agreement protocols

"... In PAGE 5: ....4. Efficiency analysis This section analyzes the efficiency of our improved scheme and its counterparts. Ac- cording to the Table1 , both our improved protocol and TAKC use signatures. To make a comparison, we assume the two schemes use the same signature and verification scheme.... ..."

Cited by 2

### Table 8.1. Ideal l for the final key agreement protocol

Cited by 4

### Table 2. Implemented Security Modules

1998

"... In PAGE 11: ....3.4 Security Modules and Protocols While QoS mapping mechanisms for user and abstract application requirements have not been implemented com- pletely, the Da CaPo++ middleware offers different secu- rity modules and protocols, allowing to show their usability in the context of multimedia protocols. Modules for key agreement, privacy, and authentication are pro- vided (see Table2 ). Note that MD4 is not practically used anymore, since it has been broken in the meantime, and DH for agreement on a shared secret is only usable in con- junction with RC4.... ..."

Cited by 3

### Table 1: Sizes of BF and BB1 Parameters Required to Attain Standard Levels of Bit Security [SP800-57].

2006

"... In PAGE 58: ... The 128-bit levels and higher are suitable for use in the transport of Advanced Encryption Standard (AES) keys of the corresponding length or less and are adequate to protect information whose useful life extends past the year 2030. Table1 summarizes the security parameters for the BF and BB1 algorithms that will attain these levels of security. In this table, |p| represents the number of bits in a prime number p, and |q| represents the number of bits in a subprime q.... ..."

Cited by 2