Authenticated Key Exchange Protocol in the Standard Model under Weaker Assumptions

A two-party authenticated key exchange (AKE) protocol allows each of the two parties to share a common secret key over insecure channels even in the presence of active adversaries who can actively control and modify the exchanged messages. To capture the various kind of malicious behaviors of the adversaries, there have been lots of efforts to define the security models. Amongst them, the extended Canetti-Krawczyk (eCK) security model is considered as one of the strongest ones and widely adopted. In this paper, we present a pairing-based eCK-secure AKE protocol in the standard model. The underlying assumptions of our construction are the hardness of the decisional bilinear Diffie-Hellman (DBDH) problem and the existence of pseudorandom functions. It is notable that the previous constructions either relied their security on random oracles or used somewhat strong assumptions such as the existence of strong-pseudorandom functions. We believe our construction is well-suited for real-world implementations such as the TLS protocol suite since our construction is simple and based on standard assumptions without random oracles.

[1]  Tatsuaki Okamoto,et al.  Leakage resilient eCK-secure key exchange protocol without random oracles , 2011, ASIACCS '11.

[2]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[3]  Tatsuaki Okamoto,et al.  An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles , 2009, ProvSec.

[4]  Zheng Yang,et al.  Efficient eCK-secure Authenticated Key Exchange Protocols in the Standard Model , 2013, IACR Cryptol. ePrint Arch..

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[7]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[8]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[9]  Atsushi Fujioka,et al.  Strongly Secure Authenticated Key Exchange without NAXOS' Approach under Computational Diffie-Hellman Assumption , 2012, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10]  Berkant Ustaoglu,et al.  Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS , 2008, Des. Codes Cryptogr..

[11]  Douglas Stebila,et al.  Continuous After-the-Fact Leakage-Resilient eCK-Secure Key Exchange , 2015, IMACC.

[12]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[13]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.