Cryptology ePrint Archive: Report 2012/416

Beyond eCK: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal

Cas Cremers and Michèle Feltz

Abstract: We show that it is possible to achieve perfect forward secrecy in two-message or one-round key exchange (KE) protocols that satisfy even stronger security properties than provided by the extended Canetti-Krawczyk (eCK) security model. In particular, we consider perfect forward secrecy in the presence of adversaries that can reveal ephemeral secret keys and the long-term secret keys of the actor of a session (similar to Key Compromise Impersonation).

We propose two new game-based security models for KE protocols. First, we formalize a slightly stronger variant of the eCK security model that we call eCKw. Second, we integrate perfect forward secrecy into eCKw, which gives rise to the even stronger eCK-PFS model. We propose a security-strengthening transformation (i.e., a compiler) between our new models. Given a two-message Diffie-Hellman type protocol secure in eCKw, our transformation yields a two-message protocol that is secure in eCK-PFS. As an example, we show how our transformation can be applied to the NAXOS protocol.

Category / Keywords: cryptographic protocols / key exchange, security models, protocol transformations, perfect forward secrecy, ephemeral-key reveal, key compromise impersonation, actor compromise

Publication Info: Full version of the ESORICS 2012 paper

Date: received 25 Jul 2012, last revised 19 Oct 2017

Contact author: cas cremers at gmail com

Available format(s): PDF | BibTeX Citation

Note: V2.0 mainly addresses gap in proof.

Version: 20171019:183021 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]