On security analysis of an after-the-fact leakage resilient key exchange protocol

In this paper, we revisit the security result of an authenticated key exchange (AKE) scheme proposed at AsiaCCS'14 by Alawatugoda, Stebila and Boyd (referred to as the ASB scheme). The ASB scheme is proved secure in a new bounded (continuous) after-the-fact leakage extended Canetti-Krawczyk (B(C)AFL-eCK) model without random oracles, where the B(C)AFL-eCK model is extended from the eCK model. However, we disprove their security results. We first show an attack against the ASB scheme in the eCK model; since the B(C)AFL-eCK model extends the eCK model, this also implies the insecurity of the ASB scheme in the B(C)AFL-eCK model. Secondly, we point out that the security of the ASB scheme is incorrectly reduced to the DDH assumption. A solution is proposed to fix the problem of the ASB scheme with minimum changes, which yields a new ASB' scheme. We prove the eCK security of ASB' in the random oracle model under the Gap Diffie-Hellman assumption.

Highlights: We point out that the ASB scheme is not secure in the model claimed by the authors, by showing an attack in that model. We propose a solution to avoid such an attack. We show that even the improved ASB scheme cannot be reduced to the Decisional Diffie-Hellman (DDH) assumption. We re-prove the improved ASB scheme based on the Gap Diffie-Hellman problem in the random oracle model.