Paper 2014/369

On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness

Michèle Feltz and Cas Cremers


State-of-the-art authenticated key exchange (AKE) protocols are proven secure in game-based security models. These models have considerably evolved in strength from the original Bellare-Rogaway model. However, so far only informal impossibility results, which suggest that no protocol can be secure against stronger adversaries, have been sketched. At the same time, there are many different security models being used, all of which aim to model the strongest possible adversary. In this paper we provide the first systematic analysis of the limits of game-based security models. Our analysis reveals that different security goals can be achieved in different relevant classes of AKE protocols. From our formal impossibility results, we derive strong security models for these protocol classes and give protocols that are secure in them. In particular, we analyse the security of AKE protocols in the presence of adversaries who can perform attacks based on chosen randomness, in which the adversary controls the randomness used in protocol sessions. Protocols that do not modify memory shared among sessions, which we call stateless protocols, are insecure against chosen-randomness attacks. We propose novel stateful protocols that provide resilience even against this worst case randomness failure, thereby weakening the security assumptions required on the random number generator.
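The abstract's distinction between stateless and stateful protocols under chosen randomness can be made concrete with a small model. The following Python example is added here for illustration; it is not code from the paper and does not implement the authors' protocols. It assumes a toy Diffie-Hellman group (far too small for real use), a NAXOS-style stateless party whose ephemeral secret is a hash of its long-term key and the RNG output, and a stateful party that additionally mixes in a secret per-party state that it updates after every session. When the adversary fixes the RNG output in every session, the stateless party derives the same ephemeral secret each time and the session keys repeat; the stateful party's keys do not, because its state moves on even though the randomness does not.

```python
import hashlib
import os

# Toy group for illustration only (constructed): a Mersenne prime modulus
# and a fixed generator. Real deployments use a standardised group.
P = 2**127 - 1
G = 3


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the given byte strings (domain separation by label)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def _to_exponent(digest: bytes) -> int:
    # Map a hash into the range [1, P-2] so it is a valid DH exponent.
    return 1 + int.from_bytes(digest, "big") % (P - 2)


class StatelessParty:
    """Stateless: the ephemeral secret depends only on the long-term key and the
    RNG output for this session; no memory shared among sessions is modified."""

    def __init__(self, lsk: bytes):
        self.lsk = lsk

    def ephemeral(self, rng_output: bytes) -> int:
        return _to_exponent(H(b"esk", self.lsk, rng_output))


class StatefulParty(StatelessParty):
    """Stateful (hypothetical illustration, not the paper's construction): the
    ephemeral secret also depends on a secret state that is updated per session."""

    def __init__(self, lsk: bytes):
        super().__init__(lsk)
        self.state = H(b"init", lsk)

    def ephemeral(self, rng_output: bytes) -> int:
        esk = _to_exponent(H(b"esk", self.lsk, self.state, rng_output))
        # Advance the state so the next session differs even if rng_output repeats.
        self.state = H(b"next", self.state, rng_output)
        return esk


def run_session(initiator: StatelessParty, responder: StatelessParty,
                rng_i: bytes, rng_r: bytes) -> bytes:
    """One unauthenticated DH exchange; returns the shared session key.
    rng_i / rng_r are the RNG outputs each side consumes in this session."""
    x = initiator.ephemeral(rng_i)
    y = responder.ephemeral(rng_r)
    big_x, big_y = pow(G, x, P), pow(G, y, P)
    n = (P.bit_length() + 7) // 8
    k_i = H(b"key", pow(big_y, x, P).to_bytes(n, "big"),
            big_x.to_bytes(n, "big"), big_y.to_bytes(n, "big"))
    k_r = H(b"key", pow(big_x, y, P).to_bytes(n, "big"),
            big_x.to_bytes(n, "big"), big_y.to_bytes(n, "big"))
    assert k_i == k_r, "both sides must agree on the session key"
    return k_i


def keys_repeat(make_party, rng_source, sessions: int = 3) -> bool:
    """Run several sessions between two fresh parties and report whether any
    session key repeated. rng_source() supplies the per-session RNG output."""
    alice = make_party(b"alice-long-term-key")  # constructed sample keys
    bob = make_party(b"bob-long-term-key")
    keys = {run_session(alice, bob, rng_source(), rng_source()) for _ in range(sessions)}
    return len(keys) < sessions


def chosen_randomness() -> bytes:
    # Worst case from the abstract: the adversary controls the RNG output.
    return b"\x00" * 32


def honest_randomness() -> bytes:
    return os.urandom(32)


if __name__ == "__main__":
    print("stateless, chosen randomness: keys repeat =", keys_repeat(StatelessParty, chosen_randomness))
    print("stateful,  chosen randomness: keys repeat =", keys_repeat(StatefulParty, chosen_randomness))
    print("stateless, honest randomness: keys repeat =", keys_repeat(StatelessParty, honest_randomness))
```

The stateful variant only helps if the state is kept as secret as the long-term key and is updated atomically before the ephemeral value leaves the process; a state that is rolled back (for example by restoring a VM snapshot) reintroduces exactly the repetition the stateless case shows.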

Category: Cryptographic protocols
Keywords: authenticated key exchange (AKE), security models, impossibility results, stateless protocols, stateful protocols, bad randomness, chosen-randomness
Contact author(s): mmc feltz @ gmail com
History: 2014-05-27: received
License: Creative Commons Attribution


@misc{cryptoeprint:2014/369,
      author = {Michèle Feltz and Cas Cremers},
      title = {On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness},
      howpublished = {Cryptology ePrint Archive, Paper 2014/369},
      year = {2014},
      note = {\url{}},
      url = {}
}