
Strong authenticated key exchange with auxiliary inputs

Published in: Designs, Codes and Cryptography

A Correspondence to this article was published on 24 July 2017

Abstract

Leakage attacks, including various kinds of side-channel attacks, allow an attacker to learn partial information about the internal secrets of a cryptographic system, such as the secret key and the randomness. Designing a strong, meaningful, yet achievable security notion that captures practical leakage attacks is one of the primary goals of leakage-resilient cryptography. In this work, we revisit the modelling and design of authenticated key exchange (AKE) protocols with leakage resilience. We show that the prior works on this topic are inadequate in capturing realistic leakage attacks. To close this research gap, we propose a new security notion named leakage-resilient eCK model w.r.t. auxiliary inputs (\(\mathsf {AI\hbox {-}LR\text{-}eCK}\)) for AKE protocols, which addresses the limitations of the previous models. Our model allows computationally hard-to-invert leakage of both the long-term secret key and the randomness, and also addresses a limitation present in most of the previous models, where the adversary is not allowed to make leakage queries during the challenge session. As another major contribution of this work, we present a generic framework for the construction of AKE protocols that are secure under the proposed \(\mathsf {AI\hbox {-}LR\text{-}eCK}\) model. An instantiation based on the decision Diffie–Hellman (DDH) assumption in the standard model is also given to demonstrate the feasibility of our proposed framework.


Notes

  1. Since the ephemeral secret key \(esk_{\mathcal {A},i^*}\) has no corresponding public key, we have that \(f_j\in \mathcal {H}_{\mathsf {epk\hbox {-}ow}}(\epsilon _{\mathsf {esk}}) = \mathcal {H}_{\mathsf {ow}}(\epsilon _{\mathsf {esk}})\) for all \(1<j<q_e\) according to Lemma 2.

  2. One may notice that here \(\mathcal S\) does not simulate the session of \(\mathcal A\) when \(\mathsf {E}^*\in \{\mathsf {E}_7,\mathsf {E}_8\}\). This is because, when \(\mathsf {E}_7\) or \(\mathsf {E}_8\) happens, the session of \(\mathcal A\) is under the control of the adversary and thus does not exist. The same holds for the events \(\mathsf {E}_5\) and \(\mathsf {E}_6\), where \(\mathcal S\) does not need to simulate the session of \(\mathcal B\).

  3. Noting that \(sk_{\mathcal {A}}\) here has the verification key \(vk_{\mathcal {A}}\), one may wonder whether the leakage queries made by \(\mathcal {M}\) can be answered by \(\mathcal {S}\). They can: for each leakage function \(h_j\in \mathcal {H}_{\mathsf {lpk\hbox {-}ow}}(\epsilon _{\mathsf {lsk}})\) (\(1<j<q_l\)) chosen by \(\mathcal {M}\), we can set \(f_j(sk_{\mathcal {A}})=(h_j(sk_{\mathcal {A}},vk_{\mathcal {A}}),vk_{\mathcal {A}})\in \mathcal {H}_{\mathsf {ow}}(\epsilon _{\mathsf {lsk}})\).


Acknowledgments

The work of Yi Mu is supported by the National Natural Science Foundation of China (Grant No. 61170298). The work of Guomin Yang is supported by the Australian Research Council Discovery Early Career Researcher Award (Grant No. DE150101116) and the National Natural Science Foundation of China (Grant No. 61472308).


Corresponding author

Correspondence to Rongmao Chen.

Additional information

Communicated by C. Mitchell.


Cite this article

Chen, R., Mu, Y., Yang, G. et al. Strong authenticated key exchange with auxiliary inputs. Des. Codes Cryptogr. 85, 145–173 (2017). https://doi.org/10.1007/s10623-016-0295-3
