Cryptology ePrint Archive: Report 2012/211

Strongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices

Atsushi Fujioka and Koutarou Suzuki and Keita Xagawa and Kazuki Yoneyama

Abstract: An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security model proposed by Krawczyk (we call it the CK+ model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is CK+ secure in the standard model. The protocol gives the first CK+ secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as $\pi$PRF and KEA1.

Category / Keywords: cryptographic protocols / authenticated key exchange, CK+ model, key encapsulation mechanism

Publication Info: PKC 2012

Date: received 16 Apr 2012, last revised 22 Apr 2012

Contact author: yoneyama kazuki at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20120423:051201 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]