Cryptology ePrint Archive: Report 2015/1248

Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eCK-Secure Key Exchange Protocol in the Standard Model

Janaka Alawatugoda

Abstract: LaMacchia, Lauter and Mityagin presented a strong security model for authenticated key agreement, namely the eCK model. They also constructed a protocol, namely the NAXOS protocol, that enjoys a simple security proof in the eCK model. However, the NAXOS protocol uses a random-oracle-based technique to combine the long-term secret key and the per-session randomness, the so-called NAXOS-trick, in order to achieve the eCK security definition. For NAXOS-trick-based protocols, the leakage of per-session randomness modelled in the eCK model is somewhat unnatural, because the eCK model leaks per-session randomness, while the output of the NAXOS-trick computation remains safe. In this work, we present a standard-model eCK-secure protocol construction, eliminating the NAXOS-trick. Moreover, our protocol is a generic construction, which can be instantiated with arbitrary suitable cryptographic primitives. Thus, we present a generic eCK-secure, NAXOS-free, standard-model key exchange protocol. To the best of our knowledge, this is the first paper on generic transformation of a CCA2-secure public-key encryption scheme to an eCK-secure key exchange protocol in the standard model.

Category / Keywords: Public Key Cryptography, Key Exchange Protocols, eCK Model, Standard Model

Original Publication (with minor differences): International Journal of Information Security
DOI: 10.1007/s10207-016-0346-9

Date: received 1 Jan 2016, last revised 15 Aug 2016

Contact author: araliyaqut at gmail com

Available format(s): PDF | BibTeX Citation

Note: The title of the original publication in the International Journal of Information Security is slightly different because it does not have the space for the title "Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eCK-Secure Key Exchange Protocol in the Standard Model". To avoid any misunderstandings, I decided to update that information in this version as well.

Version: 20160815:104440 (All versions of this report)

Short URL: ia.cr/2015/1248
