Designs, Codes and Cryptography, Volume 76, Issue 3, pp 469–504

Strongly secure authenticated key exchange from factoring, codes, and lattices

  • Atsushi Fujioka
  • Koutarou Suzuki
  • Keita Xagawa
  • Kazuki Yoneyama

DOI: 10.1007/s10623-014-9972-2

Cite this article as:
Fujioka, A., Suzuki, K., Xagawa, K. et al. Des. Codes Cryptogr. (2015) 76: 469. doi:10.1007/s10623-014-9972-2

Abstract

An unresolved problem in research on authenticated key exchange (AKE) in the public-key setting is to construct a protocol that is secure against advanced attacks, such as key compromise impersonation and maximal exposure attacks, without relying on random oracles. HMQV, a state-of-the-art AKE protocol, achieves both efficiency and the strong security proposed by Krawczyk (we call it the \({\mathrm {CK}}^+\) model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is \({\mathrm {CK}}^+\) secure in the standard model. The construction gives the first \({\mathrm {CK}}^+\) secure AKE protocols based on the hardness of the integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie–Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as \(\pi \)PRF and KEA1. Furthermore, we extend the \({\mathrm {CK}}^+\) model to the identity-based setting (called the \({\hbox {id-CK}^+}\) model), and propose a generic construction of identity-based AKE (ID-AKE) based on identity-based KEM, which satisfies \({\hbox {id-CK}^+}\) security. The construction leads to the first strongly secure ID-AKE protocols under the hardness of the integer factorization problem, or learning problems with errors.

Keywords

Authenticated key exchange; \({\mathrm {CK}}^+\) model; Key encapsulation mechanism; Identity-based authenticated key exchange

Mathematics Subject Classification

94A60 Cryptography 

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Atsushi Fujioka (1)
  • Koutarou Suzuki (2)
  • Keita Xagawa (2)
  • Kazuki Yoneyama (2)

  1. Kanagawa University, Yokohama-shi, Japan
  2. NTT Secure Platform Laboratories, Musashino-shi, Japan
