Paper 2014/131

Modelling After-the-fact Leakage for Key Exchange

Janaka Alawatugoda, Douglas Stebila, and Colin Boyd

Abstract

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of the long-term secrets of protocol principals, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated to allow bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security model for key exchange protocols. We propose a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the proposed model, by introducing a new concept: the leakage-resilient NAXOS trick. We identify a special property of public-key cryptosystems, pair generation indistinguishability, and show how to obtain the leakage-resilient NAXOS trick from a pair generation indistinguishable leakage-resilient public-key cryptosystem.
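The abstract builds on the classical NAXOS trick, in which a party's actual Diffie-Hellman exponent is not its ephemeral randomness esk but the hash H1(esk, lsk) of that randomness together with its long-term secret key, so that exposure of esk alone reveals nothing about the exponent. The following Python script is an added worked example of that classical trick, not code from the paper and not its leakage-resilient variant (the paper's construction from a pair generation indistinguishable PKE is not reproduced here). It runs a two-pass NAXOS-style exchange with both sides' messages and key derivation, then models an adversary who obtains one party's esk but not its long-term key. The group parameters, identities, hash labels and function names are all assumptions chosen for illustration; the 127-bit Mersenne prime is a toy and not a secure choice.

```python
import hashlib
import secrets

# Toy group: a 127-bit Mersenne prime with generator 3. Constructed for this
# illustration only; a deployment uses a standard prime-order group
# (RFC 3526/7919 MODP groups or an elliptic curve). NOT secure.
P = 2**127 - 1
G = 3


def h1(esk: bytes, lsk: int) -> int:
    """NAXOS trick: the exponent actually used is H1(esk, lsk).
    An adversary who learns only esk (ephemeral leakage) cannot recompute
    it without the long-term secret lsk."""
    digest = hashlib.sha256(b"H1" + esk + lsk.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % (P - 1) or 1


def h2(*parts: bytes) -> bytes:
    """Session-key derivation over the three DH shared values and identities."""
    h = hashlib.sha256(b"H2")
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefixed
    return h.digest()


def enc(x: int) -> bytes:
    """Fixed-width encoding of a group element (all values are < 2**127)."""
    return x.to_bytes(16, "big")


class Principal:
    """A protocol party with a long-term key pair (lsk, g^lsk)."""

    def __init__(self, ident: bytes):
        self.ident = ident
        self.lsk = secrets.randbelow(P - 2) + 1   # long-term secret a (or b)
        self.pk = pow(G, self.lsk, P)             # long-term public key g^a

    def new_ephemeral(self):
        """Pick esk and send X = g^{H1(esk, lsk)}, the pseudo-ephemeral value."""
        esk = secrets.token_bytes(32)
        return esk, pow(G, h1(esk, self.lsk), P)

    def session_key(self, esk, peer_ident, peer_pk, peer_x, initiator):
        x = h1(esk, self.lsk)
        if initiator:
            # A computes (Y^a, B^x, Y^x)
            s1 = pow(peer_x, self.lsk, P)
            s2 = pow(peer_pk, x, P)
            s3 = pow(peer_x, x, P)
            ids = (self.ident, peer_ident)
        else:
            # B computes (A^y, X^b, X^y): the same three values in the same order
            s1 = pow(peer_pk, x, P)
            s2 = pow(peer_x, self.lsk, P)
            s3 = pow(peer_x, x, P)
            ids = (peer_ident, self.ident)
        return h2(enc(s1), enc(s2), enc(s3), *ids)


def run_naxos(alice: Principal, bob: Principal):
    """Two-pass exchange: A -> B: X,  B -> A: Y. Returns both keys plus
    Alice's esk and X so a leakage scenario can be examined afterwards."""
    esk_a, x_pub = alice.new_ephemeral()
    esk_b, y_pub = bob.new_ephemeral()
    k_a = alice.session_key(esk_a, bob.ident, bob.pk, y_pub, initiator=True)
    k_b = bob.session_key(esk_b, alice.ident, alice.pk, x_pub, initiator=False)
    return k_a, k_b, esk_a, x_pub


def reconstruct_from_esk_only(esk: bytes, x_pub: int) -> bool:
    """Adversary model: esk leaked, long-term key not. Without lsk the best it
    can do is treat esk itself as the exponent; with the NAXOS trick this does
    not reproduce X, whereas a protocol using X = g^esk would be fully exposed."""
    naive_exponent = int.from_bytes(esk, "big") % (P - 1) or 1
    return pow(G, naive_exponent, P) == x_pub


if __name__ == "__main__":
    a, b = Principal(b"Alice"), Principal(b"Bob")
    ka, kb, esk, x_pub = run_naxos(a, b)
    print("keys agree:", ka == kb)
    print("esk alone recovers X:", reconstruct_from_esk_only(esk, x_pub))
```

The point of the example is the contrast in the last function: with the trick, leaking esk gives the adversary a value that is useless on its own, which is exactly the kind of ephemeral-key reveal query the eCK-style models tolerate. What it does not capture is the paper's subject, partial leakage of the long-term key after the session is complete; for that the hash H1 must itself be replaced by a leakage-resilient primitive, which is the construction the abstract describes.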

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014)
Keywords
key exchange protocols, public-key, side-channel attacks, security models, leakage-resilient, after-the-fact, NAXOS
Contact author(s)
janaka alawatugoda @ qut edu au
History
2014-02-27: revised
2014-02-24: received
Short URL
https://ia.cr/2014/131
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/131,
      author = {Janaka Alawatugoda and Douglas Stebila and Colin Boyd},
      title = {Modelling After-the-fact Leakage for Key Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/131},
      year = {2014},
      url = {https://eprint.iacr.org/2014/131}
}