Skip to main content

Standard model leakage-resilient authenticated key exchange using inner-product extractors

This article has been updated


With the development of side-channel attacks, a necessity arises to invent authenticated key exchange protocols in a leakage-resilient manner. Constructing authenticated key exchange protocols using existing cryptographic schemes is an effective method, as such construction can be instantiated with any appropriate scheme in a way that the formal security argument remains valid. In parallel, constructing authenticated key exchange protocols that are proven to be secure in the standard model is more preferred as they rely on real-world assumptions. In this paper, we present a Diffie–Hellman-style construction of a leakage-resilient authenticated key exchange protocol, that can be instantiated with any \(\text {CCLA2}\)-secure public-key encryption scheme and a function from the pseudo-random function family. Our protocol is proven to be secure in the standard model assuming the hardness of the decisional Diffie–Hellman problem. Furthermore, it is resilient to continuous partial leakage of long-term secret keys, that happens even after the session key is established, while satisfying the security features defined by the \(\text {eCK}\) security model.

This is a preview of subscription content, access via your institution.

Data availability

Not applicable.

Code availability

Not applicable.

Change history

  • 17 February 2023

    Incorrect ORCID number of the author Dr. Janaka Alawatugoda has been corrected.


  1. Alawatugoda J.: Generic construction of an eck-secure key exchange protocol in the standard model. Int. J. Inf. Secur. 16(5), 541–557 (2017).

    Article  Google Scholar 

  2. Alawatugoda J.: On the leakage-resilient key exchange. J. Math. Cryptol. 11(4), 215–269 (2017).

    Article  MathSciNet  MATH  Google Scholar 

  3. Alawatugoda J.: Public-key encryption in the standard model against strong leakage adversary. Comput. J. 63(12), 1904–1914 (2020).

    Article  MathSciNet  Google Scholar 

  4. Alawatugoda J., Boyd C., Stebila D.: Continuous after-the-fact leakage-resilient key exchange. In: Information Security and Privacy—19th Australasian Conference, ACISP 2014, Wollongong, NSW, Australia, July 7–9, 2014. Proceedings, pp. 258–273 (2014).

  5. Alawatugoda J., Jayasinghe D., Ragel R.: Countermeasures against Bernstein’s remote cache timing attack. In: 6th IEEE International Conference on Industrial and Information Systems (ICIIS), pp. 43 –48 (2011).

  6. Alawatugoda J., Stebila D., Boyd C.: Modelling after-the-fact leakage for key exchange. In: 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS ’14, Kyoto, Japan—June 03–06, 2014, pp. 207–216 (2014).

  7. Alawatugoda J., Stebila D., Boyd C.: Continuous after-the-fact leakage-resilient eck-secure key exchange. In: Cryptography and Coding—15th IMA International Conference, IMACC 2015, Oxford, UK, December 15-17, 2015. Proceedings, pp. 277–294 (2015).

  8. Bellare M., Rogaway P.: Entity authentication and key distribution. In: CRYPTO, pp. 232–249 (1993).

  9. Bellare M., Rogaway P.: Provably secure session key distribution—the three party case. In: 27th ACM STOC, pp. 57–66. ACM Press (1995).

  10. Boneh D., Canetti R., Halevi S., Katz J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Comput. 36(5), 1301–1328 (2007).

    Article  MathSciNet  MATH  Google Scholar 

  11. Boyd C., Cliff Y., Nieto J.M.G., Paterson K.G.: One-round key exchange in the standard model. Int. J. Adv. Comput. Technol. 1, 181–199 (2009).

    MathSciNet  MATH  Google Scholar 

  12. Brumley D., Boneh D.: Remote timing attacks are practical. Presented at the (2003).

  13. Canetti R., Krawczyk H.: Analysis of key-exchange protocols and their use for building secure channels. In: EUROCRYPT, pp. 453–474 (2001).

  14. Chakraborty S., Alawatugoda J., Rangan C.P.: Leakage-resilient non-interactive key exchange in the continuous-memory leakage setting. In: Okamoto, T., Yu Y., Au M.H., Li Y. (eds.) Provable Security—11th International Conference, ProvSec 2017, Xi’an, China, October 23-25, 2017, Proceedings, vol. 10592 of Lecture Notes in Computer Science, pp. 167–187. Springer (2017).

  15. Chen R., Mu Y., Yang G., Susilo W., Guo F.: Strongly leakage-resilient authenticated key exchange. In: Sako K. (ed.) Topics in Cryptology—CT-RSA 2016—The Cryptographers’ Track at the RSA Conference 2016, San Francisco, CA, USA, February 29–March 4, 2016, Proceedings, vol. 9610 of Lecture Notes in Computer Science, pp. 19–36. Springer (2016).

  16. Chen R., Mu Y., Yang G., Susilo W., Guo F.: Strong authenticated key exchange with auxiliary inputs. Des. Codes Cryptogr. 85(1), 145–173 (2017).

    Article  MathSciNet  MATH  Google Scholar 

  17. Diffie W., Hellman M.: New directions in cryptography. IEEE Trans. Inf. Theory 644–654 (1976).

  18. Dziembowski S., Faust S.: Leakage-resilient cryptography from the inner-product extractor. In: ASIACRYPT, pp. 702–721 (2011).

  19. Herath I., Ragel R.: Side channel attacks: measures and countermeasures. Presented at the (2007).

  20. Herath U., Alawatugoda J., Ragel R.: Software implementation level countermeasures against the cache timing attack on advanced encryption standard. Presented at the (2013).

  21. Hutter M., Mangard S., Feldhofer M.: Power and EM attacks on passive 13.56MHz RFID devices. In: CHES, pp. 320–333 (2007).

  22. Katz J., Lindell Y.: Introduction to Modern Cryptography. Chapman and Hall/CRC Press, London (2007).

    Book  MATH  Google Scholar 

  23. Kocher P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: CRYPTO, pp. 104–113 (1996).

  24. LaMacchia B., Lauter K., Mityagin A.: Stronger security of authenticated key exchange. In: ProvSec, pp. 1–16 (2007).

  25. Messerges T., Dabbish E., Sloan R.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 541–552 (2002).

    Article  MathSciNet  MATH  Google Scholar 

  26. Moriyama D., Okamoto T.: Leakage resilient eCK-secure key exchange protocol without random oracles. In: ASIACCS, pp. 441–447 (2011).

  27. Yang G., Chen R., Mu Y., Susilo W., Guo F., Li J.: Strongly leakage resilient authenticated key exchange, revisited. Des. Codes Cryptogr. 87(12), 2885–2911 (2019).

    Article  MathSciNet  MATH  Google Scholar 

  28. Yang G., Mu Y., Susilo W., Wong D.S.: Leakage resilient authenticated key exchange secure in the auxiliary input model. In: ISPEC, pp. 204–217 (2013).

Download references


This work was carried out with the aid of a grant from UNECSO-TWAS (21-021 RG/MATHS/AS_I-FR3240319461) and the Swedish International Development Cooperation Agency (Sida). The views expressed herein do not necessarily represent those of UNESCO-TWAS, Sida or its Board of Governors.


UNECSO-TWAS Research Grant (21-021 RG/MATHS/AS_I-FR3240319461)

Author information

Authors and Affiliations



Equally contributed.

Corresponding author

Correspondence to Janaka Alawatugoda.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interests.

Ethical approval

No animals or humans are used.

Consent to participate

Not applicable.

Consent for publication

Not applicable.

Additional information

Communicated by C. Blundo.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


Appendix A: Preliminaries

1.1 A.1 Leakage model

We frequently borrow notions for the leakage model from Dziembowski and Faust [18].

Leakage game Assume that secret key is stored in the memory as two encoded parts, say L and \(R \in \{ 0, 1\}^s\), and an adversary \({\mathcal {A}}\) wants to learn information from L and R. For a positive integer \(\lambda \), we define \(\lambda \)-leakage game between an adaptive adversary \({\mathcal {A}}\), called \(\lambda \)-limited adversary, and a leakage oracle \(\varLambda (L, R)\) as follows: the adversary queries two adaptively-chosen leakage functions \((f_1, f_2)\) to the oracle \(\varLambda (L, R)\). Then the oracle replies with \(f_1(L)\) and \(f_2(R)\) with restriction that the adversary cannot learn more than \(\lambda \)-bits from each L and R at the end of the game. We denote \(Out( {\mathcal {A}}, \varLambda (L, R) )\) by the output of this game. Moreover, the information from L and R are leaked independently from each other.

Leakage from computations We follow the axiom “only computations leak information" and assume that only computations involving L or R leak their information to the adversary. This can be described in the following setting.

Consider a two-party protocol between the parties \(P_L\) and \(P_R\). Initially, the party \(P_L\) (respectively, \(P_R\)) is given the input L (resp. R) and at the end of the protocol each party have the results \(L'\) and \(R'\), respectively. The execution of the protocol proceeds in rounds. In each round, one party (owner) computes a message and send it to the other. The message may be computed from owner’s input (eg. L or R), randomness chosen by the owner, and the received message from the earlier rounds. In the setting that only computation leaks information, the computations carried out by \(P_L\) (resp. \(P_R\)) with the initial state L (resp. R) in each round may leak information on L (resp. R) independently from R (resp. L). Precisely, the adversary \({\mathcal {A}}\) adaptively chooses two leakage functions \((f_1^j,f_2^j)\) and obtains \(f_1^j(L)\) and \(f_2^j(R)\) from each j-th round in the execution of the protocol. At this time, the adversary is allowed to play the \(\lambda \)-leakage game with access to the leakage oracle \(\varLambda ( (L, \rho _L, M_L ) ; ( R, \rho _R, M_R ) )\), where \(\rho _x\) is the randomness used by \(x \in \{L, R \}\) and \(M_x\) is the previously received message by user \(x \in \{ L, R \}\) in the execution of the protocol. We sometimes omit \(\rho _x\) or \(M_x\) when they are obviously null from the context.

1.2 A.2 Leakage-resilient storage scheme and it’s refreshing protocol

In Dziembowski and Faust [18], they used a leakage-resilient storage scheme to encode the secret key into two parts and a refreshing protocol to construct public-key cryptosystems secure against continuous partial leakage attacks.

1.2.1 A.2.1 Leakage-resilient storage

A leakage-resilient storage (LRS) \(\varPhi = (\text {Encode}, \text {Decode})\) is a scheme to encode a message in \({\mathcal {M}}\), where \(\text {Encode}: {\mathcal {M}} \rightarrow {\mathcal {L}} \times {\mathcal {R}}\) is a probabilistic polynomial-time function and \(\text {Decode}: {\mathcal {L}} \times {\mathcal {R}} \rightarrow {\mathcal {M}} \) is a deterministic, polynomial-time function satisfying \(\text {Decode}( \text {Encode}(S) ) = S\) for any \(S \in {\mathcal {M}}\).

An LRS \(\varPhi \) is called \((\lambda , \epsilon )\)-secure if for any \(S, S' \in {\mathcal {M}}\) and any \(\lambda \)-limited adversary \({\mathcal {A}}\), we have

$$\begin{aligned} \varDelta ( Out( {\mathcal {A}}, \varLambda (L, R) ), Out( {\mathcal {A}}, \varLambda (L', R') ) ) \le \epsilon , \end{aligned}$$

where \((L, R) {:= } \text {Encode}(S)\) and \((L', R') {:= } \text {Encode}(S')\). Here, \(\varDelta \) denotes the statistical distance.

In Dziembowski and Faust [18], they use the fact that the LRS from inner product is \((\lambda , \epsilon )\)-secure for some \(\lambda \) and \(\epsilon >0\). Precisely, for a field \({\mathbb {F}}\), an LRS \(\varPhi _{{\mathbb {F}}}^{n, m} = (\text {Encode}_{{\mathbb {F}} }^{n, m} , \text {Decode}_{{\mathbb {F}} }^{n, m} ) \) is defined as follows:

  • \(\text {Encode}_{{\mathbb {F}} }^{n, m}(S)\) chooses \(L \leftarrow {\mathbb {F}}^n \backslash \{0^n\}\) and samples \(R \leftarrow {\mathbb {F}}^{n \times m}\) such that \(L \cdot R = S\).

  • \(\text {Decode}_{{\mathbb {F}} }^{n, m}(L, R)\) computes \(L \cdot R = S\).

Corollary 1

[18] Suppose \(| {\mathbb {F}} | = \varOmega (n) \) and \(m < n/20\), then the LRS \(\varPhi _{{\mathbb {F}}}^{n, m}\) is a \(( 0.3 | {\mathbb {F}}^n | , \epsilon )\)-secure LRS, where \(\epsilon \) is negligible in the statistical security parameter \(n \in {\mathbb {N}}\).

1.2.2 A.2.2 Refreshing protocol

It is obvious that the above LRS scheme is not secure, if we allow an adversary to obtain leakage information continuously from L and R. To prevent this obstacle, Dziembowski and Faust [18] introduced a refreshing protocol \(\text {Refresh}\) of an LRS \(\varPhi \). The main idea is to refresh the encoded secret (LR) securely to a newly encoded value \((L', R')\) so that it does not reveal enough information to recover the secret key even when an \(\lambda \)-limited adversary can observe the leakage continuously from the refreshing protocol.

Precisely, a refreshing protocol \((L', R') \leftarrow \text {Refresh}(L , R)\) is a two-party protocol between \(P_L\) and \(P_R\) holding L and R respectively. At the end of the protocol, each party outputs \(L'\) and \(R'\) respectively satisfying \(\text {Decode}(L, R) = \text {Decode}(L', R')\).

Let \(\text {Refresh}\) a refreshing protocol, \(\varPhi = (\text {Encode}, \text {Decode})\) an LRS, \({\mathcal {A}}\) an \(\lambda \)-limited adversary, \(\ell \in {\mathbb {N}}\) and \(S \in {\mathcal {M}}\). We consider the following experiments \(\text {Exp}_{(\text {Refresh}, \varPhi )} ({\mathcal {A}}, S, \ell )\):

  • For a secret S, encode it by \((L^0, R^0) \leftarrow \text {Encode}(S)\).

  • For \(i=1\) to \(\ell \), run \({\mathcal {A}}\) against the refreshing protocol: \( {\mathcal {A}} \leftrightarrows ( \text {Refresh}(L_{i-1}, R_{i-1}) \rightarrow (L_i, R_i) )\).

  • Return \(b \in \{0, 1\}\) output by \({\mathcal {A}}\).

As described in the previous paragraph, the leakage from each execution of the protocol is obtained via the leakage oracle \(\varLambda ( (L_i , \rho _{L_i}, M_{L_i}) ; (R_i , \rho _{R_i} , M_{R_i} ) )\). Finally, the security of the refreshing protocol is defined by indistinguishability notion.

Definition 1

(\(A (\ell , \lambda , \epsilon _1)\)-secure refreshing protocol [18]) For a LRS \(\varPhi \) with message space \({\mathcal {M}}\) and \(\ell \in {\mathbb {N}}\) number of leakage rounds, a refreshing protocol \(\text {Refresh}\) is \((\ell , \lambda , \epsilon _1)\)-secure, if for any \(\lambda \)-limited adversary \({\mathcal {A}}\) and any two secrets \(S, S' \in {\mathcal {M}}\), we have

$$\begin{aligned} \varDelta ( \text {Exp}_{(\text {Refresh}, \varPhi ) } ({\mathcal {A}}, S, \ell ) , \text {Exp}_{(\text {Refresh}, \varPhi ) } ({\mathcal {A}}, S' , \ell ) ) \le \epsilon _1. \end{aligned}$$

Theorem 2

[18] Let \(m/3 \le n\), \(n \ge 16\) and \(\ell \in {\mathbb {N}}\). Let nm and \({\mathbb {F}}\) be such that \(\varPhi _{{\mathbb {F}}}^{n, m}\) is \((\lambda , \epsilon )\)-secure for some \(\lambda , \epsilon >0\). Then the protocol \(\text {Refresh}_{{\mathbb {F}}}^{n, m}\) is a \((\ell , \lambda /2-1, \epsilon ')\)-secure refreshing protocol for \(\varPhi _{{\mathbb {F}}}^{n, m}\) with \(\epsilon ' = 2\ell | {\mathbb {F}} |^m ( 3 |{\mathbb {F}}|^m \epsilon + m |{\mathbb {F}}|^{-n-1} )\).

Definition 2

(\(A (\ell , \lambda , \epsilon _1)\)-secure refreshing protocol with auxiliary information [18]) Let \(Z \subset {\mathcal {M}}^m\) be an \(m' < m\) dimensional affine subspace defined by W and Q. For a LRS \(\varPhi \) with message space \({\mathcal {M}}\) and \(\ell \in {\mathbb {N}}\), a refreshing protocol \(\text {Refresh}\) is \((\ell , \lambda , \epsilon _1)\)-secure with auxiliary information (WQ), if for any \(\lambda \)-limited adversary \({\mathcal {A}}\) and any two secrets \(S, S' \in {\mathcal {M}}\), we have,

$$\begin{aligned} \begin{aligned} \varDelta ( \text {Exp}^{\text {aux}}_{(\text {Refresh}, \varPhi ) } ({\mathcal {A}}, S, \ell ,W,Q ) , \text {Exp}^{\text {aux}}_{(\text {Refresh}, \varPhi ) } ({\mathcal {A}}, S' , \ell ,W,Q ) ) \le \epsilon _1. \end{aligned} \end{aligned}$$

Theorem 3

(Generalization of Theorem 1 [18]) Let \(m/4 \le n\), \(n \ge 16\) and \(\ell \in {\mathbb {N}}\). Let (WQ) be as above defining an \(m' < m\) dimensional affine subspace Z. Let \(n, m'\) and \({\mathbb {F}}\) be such that \(\varPhi _{{\mathbb {F}}}^{n, m'}\) is \((\lambda , \epsilon )\)-secure for some \(\lambda , \epsilon >0\). Then the protocol \(\text {Refresh}_{{\mathbb {F}}}^{n, m}\) is a \((\ell , \lambda /2-1,\epsilon ')\)-secure refreshing protocol with auxiliary information defined by (WQ) for \(\varPhi _{{\mathbb {F}}}^{n, m}\) with \(\epsilon ' = 2\ell | {\mathbb {F}} |^m ( 3 |{\mathbb {F}}|^{2m} \epsilon + m |{\mathbb {F}}|^{-n-1} )\).

Corollary 2

[18] Suppose \(| {\mathbb {F}} | = \varOmega (n) \) and \(m =o(n)\), then the \(\text {Refresh}_{{\mathbb {F}}}^{n, m}\) is a \((\ell , 0.15n\log |{\mathbb {F}}|)-1,\epsilon _1)\)-secure refreshing protocol for \(\varPhi _{{\mathbb {F}}}^{n, m}\), where \(\ell \) is a polynomial and \(\epsilon _1\) is negligible in the statistical security parameter \(n \in {\mathbb {N}}\).

1.3 A.3 Leakage-resilient CCA2-secure public-key encryption scheme

For security parameter k, a public-key encryption scheme \(\text {PKE} = ( \text {KG}, \text {Enc}, \text {Dec})\) consists of the following algorithms.

  • \((pk , sk) \leftarrow \text {KG}(1^k)\): It outputs a public/secret key pair.

  • \(c \leftarrow \text {Enc}(pk, m)\): A probabilistic polynomial-time algorithm that outputs \(c = \text {Enc}(pk, m)\) with inputs a message m and the public key pk.

  • \(m = \text {Dec}(sk, c)\): A deterministic algorithm that decrypts the ciphertext c together with the secret key sk. We always have \(m = \text {Dec}(sk, \text {Enc}(pk , m) )\).

The strongest security notion for public-key encryption scheme is security against adaptively-chosen-ciphertext attacks (CCA2-secure). In CCA2 attack against a public-key encryption scheme, the adversary who is given pk picks two messages \(m_0, m_1\) and guesses \(b \in \{ 0, 1 \} \) on input \(c^* = \text {Enc}(pk, m_b)\) while the adversary is allowed to ask for the decryption of chosen-ciphertexts prior and after to seeing \(c^*\).

In the setting that computation leaks information, it is natural to consider leakage information from the queries to the decryption oracle. This yields the following extension of CCA2-security against leakage attacks.

Definition 3

([18], Security against Chosen Ciphertext Leakage Attacks (CCLA2)) Let k be the security parameter. A public-key encryption scheme \(\text {PKE} = (\text {KG}, \text {Enc}, \text {Dec})\) is \(\text {CCLA2}\)-secure if for any \(\lambda '\)-limited adversary \({\mathcal {A}}\) the probability that the experiment below outputs 1 is at most \(1/2 + \texttt {negl}(k)\).

  1. 1.

    The challenger runs \((pk, sk) \leftarrow \text {KG}(1^k)\) and sends pk to \({\mathcal {A}}\).

  2. 2.

    The adversary \({\mathcal {A}}\) asks for the decryption of a ciphertext c learning at most \(\lambda '\)-bits of the current secret sk for each query: \({\mathcal {A}} \leftrightarrows ( \text {Dec}(sk, c) \rightarrow sk' )\). Set \(sk {:= } sk'\) for the next round.

  3. 3.

    \({\mathcal {A}}\) outputs two messages, \(m_0, m_1\), and sends them to the challenger.

  4. 4.

    The challenger computes \(c^* \leftarrow \text {Enc}(pk, m_b)\) for \(b \in \{0, 1\}\) and gives it to \({\mathcal {A}}\).

  5. 5.

    Repeat \({\mathcal {A}} \leftrightarrows ( \text {Dec}(sk, c) \rightarrow sk' )\) for \(c \ne c^*\) learning at most \(\lambda '\)-bits of the current secret sk. Set \(sk {:= } sk'\) for the next round.

  6. 6.

    \({\mathcal {A}}\) outputs \(b' \in \{ 0, 1\}\). If \(b = b'\), then output 1, otherwise output 0.

1.4 A.4 Pseudo-random functions

We now describe the security definition of pseudo-random functions according to Katz and Lindell [22].

Definition 4

(Pseudo-Random Functions) Let \(F: \{0,1\}^* \times \{0,1\}^* \rightarrow \{0,1\}^*\) be an efficient, length preserving, keyed function. We say F is a pseudo-random function if for all probabilistic polynomial-time adversaries \({\mathcal {A}}\), there exists a negligible function \(\epsilon _{\text {PRF}}\) in the security parameter k such that:

$$\begin{aligned}\Big | \Pr [{\mathcal {A}}^{F(key,\cdot )}(1^k)=1] - \Pr [{\mathcal {A}}^{f_{\text {rnd}}(\cdot )}(1^k)=1] \Big | \le \epsilon _{\text {PRF}},\end{aligned}$$

where \(key \in \{0,1\}^k\) is chosen uniformly at random an \(f_{\text {rnd}}\) is chosen uniformly at random from the set of functions mapping k-bit strings to k-bit strings.

Appendix B: Proof sketches of Lemmas 1 and 2

1.1 B.1 Proof sketch of Lemma 1


(Sketch) The proof is similar to that in Dziembowski and Faust [18]. The simulation is described as follows:

  1. 1.

    The simulator \({\mathcal {S}}\) is given the auxiliary information \(\text {aux} = (R_1 + R_2)\), and given access to the leakage oracle \(\varLambda (L^*, R^*)\). She sets \(L = L^*\) and \(R_1 = R^*\).

  2. 2.

    \({\mathcal {S}}\) simulates the leakage of L and \(R_1\) using the leakage oracle \(\varLambda (L^*, R^*)\).

  3. 3.

    The leakage of \(R_2\) can be described from the relation \(R_2=\text {aux} - R^*\). Therefore, \({\mathcal {S}}\) can perfectly simulate the leakage of \(R_2\) using the leakage oracle \(\varLambda (L^*, R^*)\) and the auxiliary value \(\text {aux}\).

\(\square \)

1.2 B.2 Proof sketch of Lemma 2


(Sketch) Note that (WA) defines a 1-dimensional subspace \(Z \subset ({\mathbb {Z}}_q)^2\) that contains all the pairs \((a_1, a_2)\) that correspond to the public key A. For any \(S,S' \in Z\) and any \((\lambda /2 -1 )\)-limited adversary \({\mathcal {A}}\) we have by the Theorem 2 (Generalization of Theorem 1) of Dziembowski and Faust [18], for refreshing of \(\varPhi _{{\mathbb {Z}}_q}^{n, 2}\) that,

$$\begin{aligned} \begin{aligned}&\varDelta ( \text {Exp}^{\text {aux}}_{\texttt{expRef}(B,(L, R))} ({\mathcal {A}}, S, \ell , W, A ) , \text {Exp}^{\text {aux}}_{\texttt{expRef}(B,(L, R)) } ({\mathcal {A}}, S' , \ell , W, A) ) \le \\&\quad 2 \ell p^6 (3 \epsilon + 2 p^{-n-5} ). \end{aligned} \end{aligned}$$

The above experiment addresses only the leakage from the refreshing operation of (LR). In order to combine this with leakage from \(\texttt{exp}\), we use the leakage simulation from Lemma 1. We can apply this lemma since (1)–Eq. (18) is shown by reduction to the \((\lambda ,\epsilon )\)-security of \(\varPhi _{{\mathbb {Z}}_q}^{n, 2}\) and (2)–\(\text {aux}\) is known to the leakage simulator. This completes the proof of Lemma 2, by proving that \(\epsilon _1\) is negligible in the statistical security parameter n. \(\square \)

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alawatugoda, J., Okamoto, T. Standard model leakage-resilient authenticated key exchange using inner-product extractors. Des. Codes Cryptogr. 90, 1059–1079 (2022).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


Mathematics Subject Classification