Cryptology ePrint Archive: Report 2017/418

Strong Authenticated Key Exchange with Auxiliary Inputs

Rongmao Chen and Yi Mu and Guomin Yang and Willy Susilo and Fuchun Guo

Abstract: Leakage attacks, including various kinds of side-channel attacks, allow an attacker to learn partial information about the internal secrets such as the secret key and the randomness of a cryptographic system. Designing a strong, meaningful, yet achievable security notion to capture practical leakage attacks is one of the primary goals of leakage-resilient cryptography. In this work, we revisit the modelling and design of authenticated key exchange (AKE) protocols with leakage resilience. We show that the prior works on this topic are inadequate in capturing realistic leakage attacks. To close this research gap, we propose a new security notion named \textit{leakage-resilient eCK model w.r.t. auxiliary inputs} ($\mathsf{AI\mbox{-}LR\mbox{-}eCK}$) for AKE protocols, which addresses the limitations of the previous models. Our model allows computationally hard-to-invert leakage of \textit{both the long-term secret key and the randomness}, and also addresses a limitation \tb{existing in most} of the previous models where the adversary is disallowed to make leakage queries during the challenge session. As another major contribution of this work, we present a generic framework for the construction of AKE protocols that are secure under the proposed $\mathsf{AI\mbox{-}LR\mbox{-}eCK}$ model. An instantiation based on the \textit{Decision Diffie-Hellman} (DDH) assumption in the standard model is also given to demonstrate the feasibility of our proposed framework.

Category / Keywords: Authenticated Key Exchange

Original Publication (in the same form): Designs, Codes and Cryptography

Date: received 15 May 2017, last revised 26 Jun 2017

Contact author: rc517 at uowmail edu au

Available format(s): PDF | BibTeX Citation

Note: Some statements are revised for better readability.

Version: 20170626:135928 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]