One-Round Deniable Key Exchange with Perfect Forward Security

In response to the need for secure one-round authenticated key exchange protocols providing both perfect forward secrecy and full deniability, we put forward a new paradigm for constructing protocols from a Diffie-Hellman type protocol plus a non-interactive designated verifier proof of knowledge (DV-PoK) scheme. We define the notion of DV-PoK, which is a variant of non-interactive zero-knowledge proof of knowledge, and provide an efficient DV-PoK scheme as a central technical building block of our protocol. The DV-PoK scheme possesses nice properties such as unforgeability and symmetry, which help our protocol to achieve perfect forward secrecy and full deniability respectively. Moreover, the security properties are formally proved in the Canetti-Krawczyk model under the Gap Diffie-Hellman assumption. In sum, our protocol offers a remarkable combination of salient security properties and efficiency, and the notion of DV-PoK is of independent interest.
