International Association for Cryptologic Research

CryptoDB

Justifying Standard Parameters in the TLS 1.3 Handshake

Authors:
Hannah Davis
Denis Diemert
Felix Günther
Tibor Jager
Presentation: Slides
Abstract: Established security bounds for the TLS 1.3 full (1-RTT) and pre-shared key (PSK) handshake protocols grow quadratically with the total number of handshakes across all users. Due to the pervasive use of TLS, these bounds are so loose that they give no guarantees for the standardized parameters used in practice. We give new proofs and concrete bounds that justify the use of these parameters both in principle and in practice. We also discuss the pitfalls that arise when trying to capture the TLS 1.3 key schedule within the random oracle model.
BibTeX
@misc{rwc-2022-35488,
  title={Justifying Standard Parameters in the TLS 1.3 Handshake},
  note={Presentation at \url{https://iacr.org/submit/files/slides/2022/rwc/rwc2022/27/slides.pptx}},
  howpublished={Talk given at RWC 2022},
  author={Hannah Davis and Denis Diemert and Felix Günther and Tibor Jager},
  year=2022
}