[Resource Topic] 2020/1279: Tightly-Secure Authenticated Key Exchange, Revisited

Welcome to the resource topic for 2020/1279

Title:
Tightly-Secure Authenticated Key Exchange, Revisited

Authors: Tibor Jager, Eike Kiltz, Doreen Riepel, Sven Schäge

Abstract:

We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both from the standard DDH assumption and a subgroup assumption over RSA groups. These protocols can be deployed with optimal parameters, independent of the number of users or sessions, without the need to compensate a security loss with increased parameters and thus decreased computational efficiency. We use the standard “Single-Bit-Guess” AKE security (with forward secrecy and state corruption) requiring all challenge keys to be simultaneously pseudo-random. In contrast, most previous papers on tightly secure AKE protocols (Bader et al., TCC 2015; Gjøsteen and Jager, CRYPTO 2018; Liu et al., ASIACRYPT 2020) concentrated on a non-standard “Multi-Bit-Guess” AKE security which is known not to compose tightly with symmetric primitives to build a secure communication channel. Our key technical contribution is a new generic approach to construct tightly-secure AKE protocols based on non-committing key encapsulation mechanisms. The resulting DDH-based protocols are considerably more efficient than all previous constructions.

ePrint: https://eprint.iacr.org/2020/1279

Talk: https://www.youtube.com/watch?v=JtsojX_sBxo

Slides: https://iacr.org/submit/files/slides/2021/eurocrypt/eurocrypt2021/88/slides.pdf

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .