Paper 2015/1248

Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eCK-Secure Key Exchange Protocol in the Standard Model

Janaka Alawatugoda

Abstract

LaMacchia, Lauter and Mityagin presented a strong security model for authenticated key agreement, namely the eCK model. They also constructed a protocol, namely the NAXOS protocol, that enjoys a simple security proof in the eCK model. However, the NAXOS protocol uses a random-oracle-based technique to combine the long-term secret key and the per-session-randomness; so-called NAXOS- trick, in order to achieve the eCK security definition. For NAXOS-trick-based protocols, the leakage of per-session-randomness modelled in the eCK model is somewhat unnatural, because the eCK model leaks per-session-randomness, while the output of the NAXOS-trick computation remains safe. In this work, we present a standard model eCK-secure protocol construction, eliminating the NAXOS-trick. Moreover, our protocol is a generic constructions, which can be instantiated with arbitrary suitable cryptographic primitives. Thus, we present a generic eCK-secure, NAXOS-free, standard model key exchange protocol. To the best of our knowledge this is the first paper on generic transformation of a CCA2-secure public key encryption scheme to an eCK-secure key exchange protocol in the standard model.

Note: The title of the original publication in the International Journal of Information Security is slightly different because it does not have the space for the title "Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eCK-Secure Key Exchange Protocol in the Standard Model". To avoid any misunderstandings, I decided to update that information in this version as well.