Paper 2012/211
Strongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices
Atsushi Fujioka and Koutarou Suzuki and Keita Xagawa and Kazuki Yoneyama
Abstract
An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security model proposed by Krawczyk (we call it the CK+ model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is CK+ secure in the standard model. The protocol gives the first CK+ secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as $\pi$PRF and KEA1.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. PKC 2012
- Keywords
- authenticated key exchangeCK+ modelkey encapsulation mechanism
- Contact author(s)
- yoneyama kazuki @ lab ntt co jp
- History
- 2013-08-19: last of 2 revisions
- 2012-04-22: received
- See all versions
- Short URL
- https://ia.cr/2012/211
- License
-
CC BY