### One-Round Key Exchange with Strong Security: An Efficient and Generic Construction in the Standard Model

Florian Bergsma, Tibor Jager, and Jörg Schwenk

##### Abstract

One-round authenticated key exchange (ORKE) is an established research area, with many prominent protocol constructions like HMQV (Krawczyk, CRYPTO 2005) and Naxos (La Macchia et al., ProvSec 2007), and many slightly different, strong security models. Most constructions combine ephemeral and static Diffie-Hellman Key Exchange (DHKE), in a manner often closely tied to the underlying security model. We give a generic construction of ORKE protocols from general assumptions, with security in the standard model, and in a strong security model where the attacker is even allowed to learn the randomness or the long-term secret of either party in the target session. The only restriction is that the attacker must not learn both the randomness and the long-term secret of one party of the target session, since this would allow him to recompute all internal states of this party, including the session key. This is the first such construction that does not rely on random oracles. The construction is intuitive, relatively simple, and efficient. It uses only standard primitives, namely non-interactive key exchange, a digital signature scheme, and a pseudorandom function, with standard security properties, as building blocks.

Available format(s)
Category
Public-key cryptography
Publication info
DOI
http://dx.doi.org/
Keywords
One-round key exchangeeCK securityprovable security
Contact author(s)
Florian Bergsma @ rub de
History
Short URL
https://ia.cr/2015/015

CC BY

BibTeX

@misc{cryptoeprint:2015/015,
author = {Florian Bergsma and Tibor Jager and Jörg Schwenk},
title = {One-Round Key Exchange with Strong Security: An Efficient and Generic Construction in the Standard Model},
howpublished = {Cryptology ePrint Archive, Paper 2015/015},
year = {2015},
doi = {http://dx.doi.org/},
note = {\url{https://eprint.iacr.org/2015/015}},
url = {https://eprint.iacr.org/2015/015}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.