The OPTLS Protocol and TLS 1.3

Hugo Krawczyk (1), Hoeteck Wee (2, 3)
(2) CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, ENS Paris - École normale supérieure - Paris, CNRS - Centre National de la Recherche Scientifique: UMR 8548, Inria de Paris
Abstract: We present the OPTLS key-exchange protocol, its design, rationale and cryptographic analysis. OPTLS design has been motivated by the ongoing work in the TLS working group of the IETF for specifying TLS 1.3, the next-generation TLS protocol. The latter effort is intended to revamp the security of TLS that has been shown inadequate in many instances as well as to add new security and functional features. The main additions that influence the cryptographic design of TLS 1.3 (hence also of OPTLS) are a new "0-RTT requirement" (0-RTT stands for "zero round trip time") to allow clients that have previously retrieved or cached the public key of the server to send protected data already in the first flow of the protocol, making perfect forward secrecy (PFS) a mandatory requirement, and moving to elliptic curves as the main cryptographic basis for the protocol (for performance and security reasons). Accommodating these requirements calls for moving away from the RSA-centric design of TLS in favor of a protocol based on Diffie-Hellman techniques. OPTLS offers a simple design framework that supports all the above requirements from the protocol with a uniform and modular logic that helps in the specification, analysis, performance optimization, and future maintenance of the protocol. The current (draft) specification of TLS 1.3 builds upon the OPTLS framework as a basis for the cryptographic core of the handshake protocol adapting the different modes of OPTLS to the TLS 1.3 context.
Document type:
Conference paper
EuroS&P 2016 - IEEE European Symposium on Security and Privacy, Mar 2016, Saarbrücken, Germany. 2016, 〈10.1109/EuroSP.2016.18〉
Contributor: Hoeteck Wee
Submitted on: Sunday, October 9, 2016 - 11:53:36
Last modified on: Thursday, January 11, 2018 - 06:28:02




Hugo Krawczyk, Hoeteck Wee. The OPTLS Protocol and TLS 1.3. EuroS&P 2016 - IEEE European Symposium on Security and Privacy, Mar 2016, Saarbrücken, Germany. 2016, 〈10.1109/EuroSP.2016.18〉. 〈hal-01378195〉


