Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

The OPTLS Protocol and TLS 1.3

Hugo Krawczyk 1 Hoeteck Wee 2, 3 
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique - ENS Paris, CNRS - Centre National de la Recherche Scientifique : UMR 8548, Inria de Paris
Abstract : We present the OPTLS key-exchange protocol, its design, rationale and cryptographic analysis. OPTLS design has been motivated by the ongoing work in the TLS working group of the IETF for specifying TLS 1.3, the next-generation TLS protocol. The latter effort is intended to revamp the security of TLS that has been shown inadequate in many instances as well as to add new security and functional features. The main additions that influence the cryptographic design of TLS 1.3 (hence also of OPTLS) are a new "0-RTT requirement" (0-RTT stands for "zero round trip time") to allow clients that have previously retrieved or cached the public key of the server to send protected data already in the first flow of the protocol, making perfect forward secrecy (PFS) a mandatory requirement, and moving to elliptic curves as the main cryptographic basis for the protocol (for performance and security reasons). Accommodating these requirements calls for moving away from the RSA-centric design of TLS in favor of a protocol based on Diffie-Hellman techniques. OPTLS offers a simple design framework that supports all the above requirements from the protocol with a uniform and modular logic that helps in the specification, analysis, performance optimization, and future maintenance of the protocol. The current (draft) specification of TLS 1.3 builds upon the OPTLS framework as a basis for the cryptographic core of the handshake protocol adapting the different modes of OPTLS to the TLS 1.3 context.
Document type :
Conference papers
Complete list of metadata
Contributor : Hoeteck Wee Connect in order to contact the contributor
Submitted on : Sunday, October 9, 2016 - 11:53:36 AM
Last modification on : Wednesday, June 8, 2022 - 12:50:03 PM




Hugo Krawczyk, Hoeteck Wee. The OPTLS Protocol and TLS 1.3. EuroS&P 2016 - IEEE European Symposium on Security and Privacy, Mar 2016, Saarbrücken, Germany. ⟨10.1109/EuroSP.2016.18⟩. ⟨hal-01378195⟩



Record views