Tightly-Secure Authenticated Key Exchange

We construct the first Authenticated Key Exchange (AKE) protocol whose security does not degrade with an increasing number of users or sessions. We describe a three-message protocol and prove security in an enhanced version of the classical Bellare-Rogaway security model.

[1]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[2]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[3]  Moti Yung,et al.  Concise Multi-challenge CCA-Secure Encryption and Signatures with Almost Tight Security , 2014, ASIACRYPT.

[4]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[5]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[6]  Serge Vaudenay,et al.  Authenticated Multi-Party Key Agreement , 1996, ASIACRYPT.

[7]  Eike Kiltz,et al.  (Hierarchical) Identity-Based Encryption from Affine Message Authentication , 2014, CRYPTO.

[8]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[9]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[10]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[11]  Tibor Jager,et al.  On the Security of TLS-DHE in the Standard Model , 2012, CRYPTO.

[12]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[13]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[14]  Daniel J. Bernstein Proving Tight Security for Rabin-Williams Signatures , 2008, EUROCRYPT.

[15]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[16]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[17]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[18]  Ryo Nishimaki,et al.  Tagged One-Time Signatures: Tight Security and Optimal Tag Size , 2013, Public Key Cryptography.

[19]  Sven Schäge,et al.  Tight Proofs for Signature Schemes without Random Oracles , 2011, EUROCRYPT.

[20]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[21]  Colin Boyd,et al.  Modeling Key Compromise Impersonation Attacks on Group Key Exchange Protocols , 2009, Public Key Cryptography.

[22]  Alfred Menezes,et al.  Authenticated Diffie-Hellman Key Agreement Protocols , 1998, Selected Areas in Cryptography.

[23]  Alfred Menezes,et al.  Security of Signature Schemes in a Multi-User Setting , 2004, Des. Codes Cryptogr..

[24]  Alfred Menezes,et al.  Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol , 1999, Public Key Cryptography.

[25]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[26]  Jonathan Katz,et al.  Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems , 2007, Journal of Cryptology.

[27]  Tibor Jager,et al.  Tightly secure signatures and public-key encryption , 2012, Designs, Codes and Cryptography.

[28]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[29]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[30]  Christoph Bader Efficient Signatures with Tight Real World Security in the Random-Oracle Model , 2014, CANS.

[31]  Hoeteck Wee,et al.  Fully, (Almost) Tightly Secure IBE and Dual System Groups , 2013, CRYPTO.

[32]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[33]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.