Designs, Codes and Cryptography

, Volume 85, Issue 1, pp 145–173 | Cite as

Strong authenticated key exchange with auxiliary inputs

  • Rongmao Chen
  • Yi Mu
  • Guomin Yang
  • Willy Susilo
  • Fuchun Guo
Article

Abstract

Leakage attacks, including various kinds of side-channel attacks, allow an attacker to learn partial information about the internal secrets such as the secret key and the randomness of a cryptographic system. Designing a strong, meaningful, yet achievable security notion to capture practical leakage attacks is one of the primary goals of leakage-resilient cryptography. In this work, we revisit the modelling and design of authenticated key exchange (AKE) protocols with leakage resilience. We show that the prior works on this topic are inadequate in capturing realistic leakage attacks. To close this research gap, we propose a new security notion named leakage-resilient eCK model w.r.t. auxiliary inputs (\(\mathsf {AI\hbox {-}LR\text{-}eCK}\)) for AKE protocols, which addresses the limitations of the previous models. Our model allows computationally hard-to-invert leakage of both the long-term secret key and the randomness, and also addresses a limitation existing in most of the previous models where the adversary is disallowed to make leakage queries during the challenge session. As another major contribution of this work, we present a generic framework for the construction of AKE protocols that are secure under the proposed \(\mathsf {AI\hbox {-}LR\text{-}eCK}\) model. An instantiation based on the decision Diffie–Hellman (DDH) assumption in the standard model is also given to demonstrate the feasibility of our proposed framework.

Keywords

Authenticated key exchange Auxiliary input Strong randomness extractor Twisted pseudo-random function Smooth projective hash functions 

Mathematics Subject Classification

94A60 14G50 

References

  1. 1.
    Akavia A., Goldwasser S., Vaikuntanathan V.: Simultaneous hardcore bits and cryptography against memory attacks. In: TCC, pp. 474–495 (2009).Google Scholar
  2. 2.
    Alawatugoda J., Boyd C., Stebila D.: Continuous after-the-fact leakage-resilient key exchange. In: ACISP, pp. 258–273 (2014).Google Scholar
  3. 3.
    Alawatugoda J., Stebila D., Boyd C.: Modelling after-the-fact leakage for key exchange. In: ASIACCS, pp. 207–216 (2014).Google Scholar
  4. 4.
    Alwen J., Dodis Y., Wichs D.: Leakage-resilient public-key cryptography in the bounded-retrieval model. In: CRYPTO, pp. 36–54 (2009).Google Scholar
  5. 5.
    Bellare M., Rogaway P.: Entity authentication and key distribution. In: CRYPTO, pp. 232–249 (1993).Google Scholar
  6. 6.
    Bellare M., Canetti R., Krawczyk H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: ACM STOC, pp. 419–428 (1998).Google Scholar
  7. 7.
    Biham E., Shamir A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO, pp. 513–525 (1997).Google Scholar
  8. 8.
    Bitansky N., Canetti R., Halevi S.: Leakage-tolerant interactive protocols. In: TCC, pp. 266–284 (2012).Google Scholar
  9. 9.
    Boyle E., Segev G., Wichs D.: Fully leakage-resilient signatures. J. Cryptol. 26(3), 513–558 (2013).MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Canetti R., Krawczyk H.: Analysis of key-exchange protocols and their use for building secure channels. In: EUROCRYPT, pp. 453–474 (2001).Google Scholar
  11. 11.
    Choo K.R., Boyd C., Hitchcock Y.: Examining indistinguishability-based proof models for key establishment protocols. In: ASIACRYPT, pp. 585–604 (2005).Google Scholar
  12. 12.
    Chow S.S.M., Dodis Y., Rouselakis Y., Waters B.: Practical leakage-resilient identity-based encryption from simple assumptions. In: ACM CCS, pp. 152–161 (2010).Google Scholar
  13. 13.
    Cramer R., Shoup V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: EUROCRYPT, pp. 45–64 (2002).Google Scholar
  14. 14.
    Dodis Y., Goldwasser S., Kalai Y.T., Peikert C., Vaikuntanathan V.: Public-key encryption schemes with auxiliary inputs. In: TCC, pp. 361–381 (2010).Google Scholar
  15. 15.
    Dodis Y., Haralambiev K., López-Alt A., Wichs D.: Efficient public-key cryptography in the presence of key leakage. In: ASIACRYPT, pp. 613–631 (2010).Google Scholar
  16. 16.
    Dodis Y., Kalai Y.T., Lovett S.: On cryptography with auxiliary input. In: ACM STOC, pp. 621–630 (2009).Google Scholar
  17. 17.
    Dodis Y., Pietrzak K.: Leakage-resilient pseudorandom functions and side-channel attacks on feistel networks. In: CRYPTO, pp. 21–40 (2010).Google Scholar
  18. 18.
    Entity authentication mechanisms-part3: Entity authentication using asymmetric techniques. ISO/IEC IS 9789-3 (1993).Google Scholar
  19. 19.
    Faust S., Hazay C., Nielsen J.B., Nordholt P.S., Zottarel A.: Signature schemes secure against hard-to-invert leakage. In: ASIACRYPT, pp. 98–115 (2012).Google Scholar
  20. 20.
    Faust S., Pietrzak K., Schipper J.: Practical leakage-resilient symmetric cryptography. In: CHES, pp. 213–232 (2012).Google Scholar
  21. 21.
    Fujioka A., Suzuki K., Xagawa K., Yoneyama K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: PKC, pp. 467–484 (2012).Google Scholar
  22. 22.
    Gandolfi K., Mourtel C., Olivier F.: Electromagnetic analysis: Concrete results. In: CHES, Generators, pp. 251–261 (2001).Google Scholar
  23. 23.
    Gennaro R., Lindell Y.: A framework for password-based authenticated key exchange. In: EUROCRYPT, pp. 524–543 (2003).Google Scholar
  24. 24.
    Halderman J.A., Schoen S.D., Heninger N., Clarkson W., Paul W., Calandrino J.A., Feldman A.J., Appelbaum J., Felten E.W.: Lest we remember: Cold boot attacks on encryption keys. In: USENIX Security Symposium, pp. 45–60 (2008).Google Scholar
  25. 25.
    Halevi S., Kalai Y.T.: Smooth projective hashing and two-message oblivious transfer. J. Cryptol. 25(1), 158–193 (2012).MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Halevi S., Lin H.: After-the-fact leakage in public-key encryption. In: TCC, pp. 107–124 (2011).Google Scholar
  27. 27.
    Katz J., Vaikuntanathan V.: Signature schemes with bounded leakage resilience. In: ASIACRYPT, pp. 703–720 (2009).Google Scholar
  28. 28.
    Katz J., Vaikuntanathan V.: Round-optimal password-based authenticated key exchange. In: TCC, pp. 293–310 (2011).Google Scholar
  29. 29.
    Krawczyk H.: SIGMA: the ‘sign-and-mac’ approach to authenticated diffie–hellman and its use in the ike-protocols. In: CRYPTO, pp. 400–425 (2003).Google Scholar
  30. 30.
    Kurosawa K., Furukawa J.: 2-pass key exchange protocols from cpa-secure KEM. In: CT-RSA, pp. 385–401 (2014).Google Scholar
  31. 31.
    LaMacchia B.A., Lauter K.E., Mityagin A.: Stronger security of authenticated key exchange. In: ProvSec, pp. 1–16 (2007).Google Scholar
  32. 32.
    Marvin R.: Google admits an android crypto PRNG flaw led to Bitcoin heist (August 2013). http://sdt.bz/64008 (2013).
  33. 33.
    Micali S., Reyzin L.: Physically observable cryptography (extended abstract). In: TCC, pp. 278–296 (2004).Google Scholar
  34. 34.
    Moriyama D., Okamoto T.: Leakage resilient eck-secure key exchange protocol without random oracles. In: ASIACCS, pp. 441–447 (2011).Google Scholar
  35. 35.
    Naor M., Segev G.: Public-key cryptosystems resilient to key leakage. In: CRYPTO, pp. 18–35 (2009).Google Scholar
  36. 36.
    Quisquater J., Samyde D.: Electromagnetic attack. In: van Tilborg H.C.A., Jajodia S. (eds.) Encyclopedia of Cryptography and Security, 2nd edn, pp. 382–385. Springer, New York (2011).Google Scholar
  37. 37.
    Shumow D., Ferguson N.: On the possibility of a back door in the NIST SP800-90 Dual Ec PRNG. http://rump2007.cr.yp.to/15-shumow (2007).
  38. 38.
    Standaert F., Pereira O., Yu Y., Quisquater J., Yung M., Oswald E.: Leakage resilient cryptography in practice. In: Sadeghi A.R., Naccache D. (eds.) Towards Hardware-Intrinsic Security—Foundations and Practice, pp. 99–134. Springer, New York (2010).CrossRefGoogle Scholar
  39. 39.
    Yang G., Mu Y., Susilo W., Wong D.S.: Leakage resilient authenticated key exchange secure in the auxiliary input model. In: ISPEC, pp. 204–217. Springer, Berlin (2013).Google Scholar
  40. 40.
    Yu Y., Standaert F., Pereira O., Yung M.: Practical leakage-resilient pseudorandom generators. In: ACM CCS, pp. 141–151 (2010).Google Scholar
  41. 41.
    Yuen T.H., Zhang Y., Yiu S., Liu J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: ESORICS, pp. 130–147 (2014).Google Scholar
  42. 42.
    Zetter K.: How a crypto ‘backdoor’ pitted the tech world against the NSA. http://www.wired.com/threatlevel/2013/09/nsa-backdoor/all/ (2013).

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Rongmao Chen
    • 1
    • 2
  • Yi Mu
    • 1
  • Guomin Yang
    • 1
  • Willy Susilo
    • 1
  • Fuchun Guo
    • 1
  1. 1.University of WollongongWollongongAustralia
  2. 2.National University of Defense TechnologyChangshaChina

Personalised recommendations