A practical strongly secure one-round authenticated key exchange protocol without random oracles

Most recently, a variant of the extended Canetti-Krawczyk model, called eCKw, was introduced to provide stronger security than previous eCK models. Namely, the eCKw model formulates a stronger notion of weak perfect forward secrecy than other eCK models. In particular, any eCKw-secure protocol can be generally transformed to achieve full perfect forward secrecy without requiring an additional round. So far, no protocol has been proven secure in the eCKw model without random oracles. In this paper, we study the open problem of constructing an eCKw-secure AKE protocol in the standard model. A new one-round AKE protocol is introduced, relying on standard cryptographic primitives and a variant of the bilinear decisional Diffie-Hellman assumption. The main advantage of our proposal is its high efficiency in key exchange compared with previous eCK-secure protocols without random oracles and under the post-specified peer setting. Copyright © 2014 John Wiley & Sons, Ltd.
