Post-Compromise Security

Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt

Abstract

In this work we study communication with a party whose secrets have already been compromised. At first sight, it may seem impossible to provide any type of security in this scenario. However, under some conditions, practically relevant guarantees can still be achieved. We call such guarantees post-compromise security''. We provide the first informal and formal definitions for post-compromise security, and show that it can be achieved in several scenarios. At a technical level, we instantiate our informal definitions in the setting of authenticated key exchange (AKE) protocols, and develop two new strong security models for two different threat models. We show that both of these security models can be satisfied, by proposing two concrete protocol constructions and proving they are secure in the models. Our work leads to crucial insights on how post-compromise security can (and cannot) be achieved, paving the way for applications in other domains.

Available format(s)
Publication info
Published elsewhere. Minor revision.2016 IEEE 29th Computer Security Foundations Symposium (CSF)
DOI
10.1109/CSF.2016.19
Keywords
Post-Compromise SecuritySecurity ProtocolsKey ExchangeRatchetingFuture SecrecyThreat Models
Contact author(s)
cremers @ cispa saarland
History
2019-10-16: last of 4 revisions
See all versions
Short URL
https://ia.cr/2016/221

CC BY

BibTeX

@misc{cryptoeprint:2016/221,
author = {Katriel Cohn-Gordon and Cas Cremers and Luke Garratt},
title = {Post-Compromise Security},
howpublished = {Cryptology ePrint Archive, Paper 2016/221},
year = {2016},
doi = {10.1109/CSF.2016.19},
note = {\url{https://eprint.iacr.org/2016/221}},
url = {https://eprint.iacr.org/2016/221}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.