Paper 2014/589

Authenticated Key Exchange from Ideal Lattices

Jiang Zhang, Zhenfeng Zhang, Jintai Ding, Michael Snook, and Özgür Dagdelen


Authenticated key exchange (AKE) protocols, such as IKE and SSL/TLS, have been widely used to ensure secure communication over the Internet. We present in this paper a practical and provably secure AKE protocol from ideal lattices, which is conceptually simple and has similarities to the Diffie-Hellman based protocols such as HMQV (CRYPTO 2005) and OAKE (CCS 2013). Our protocol does not rely on other cryptographic primitives---in particular, it does not use signatures---simplifying the protocol and resting the security solely on the hardness of the ring learning with errors (RLWE) problem. The security is proven in a version of the Bellare-Rogaway model, with enhancements to capture weak Perfect Forward Secrecy. We also present concrete choices of parameters for different security levels. A proof-of-concept implementation shows our protocol is a practical candidate post-quantum key exchange protocol.

Available format(s)
Publication info
Preprint. MINOR revision.
Authenticaed Key ExchangeRLWEHQMV
Contact author(s)
jintai ding @ gmail com
2014-09-30: last of 3 revisions
2014-07-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jiang Zhang and Zhenfeng Zhang and Jintai Ding and Michael Snook and Özgür Dagdelen},
      title = {Authenticated Key Exchange from Ideal Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2014/589},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.