### A Formal Treatment of Multi-key Channels

Felix Günther and Sogol Mazaheri

##### Abstract

Secure channel protocols protect data transmission over a network from being overheard or tampered with. In the common abstraction, cryptographic models for channels involve a single key for ensuring the central security notions of confidentiality and integrity. The currently developed next version of the Transport Layer Security protocol, TLS 1.3, however introduces a key updating mechanism in order to deploy a sequence of multiple, possibly independent encryption keys in its channel sub-protocol. This design aims at achieving forward security, protecting prior communication after long-term key corruption, as well as security of individual channel phases even if the key in other phases is leaked (a property we denote as phase-key insulation). Neither of these security aspects has been treated formally in the context of cryptographic channels so far, leading to a current lack of techniques to evaluate such channel designs cryptographically. We approach this gap by introducing the first formal model of multi-key channels, where sender and receiver can update their shared secret key during the lifetime of the channel without interrupting the communication. We present modular, game-based notions for confidentiality and integrity, integrating forward security and phase-key insulation as two advanced security aspects. As we show, our framework of notions on the lower end of its hierarchy naturally connects to the existing notions of stateful encryption established for single-key channels. Like for classical channels, it further allows for generically composing chosen-ciphertext confidentiality from chosen-plaintext confidentiality and ciphertext integrity. We instantiate the strongest security notions in our model with a construction based on authenticated encryption with associated data and a pseudorandom function. Being comparatively close, our construction additionally enables us to discuss the TLS 1.3 record protocol design.

Available format(s)
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in CRYPTO 2017
DOI
10.1007/978-3-319-63697-9_20
Keywords
secure channelmulti-key channelTransport Layer Security (TLS 1.3)key updatesforward securitykey insulation
Contact author(s)
sogol mazaheri @ cryptoplexity de
History
2017-08-11: revised
See all versions
Short URL
https://ia.cr/2017/501

CC BY

BibTeX

@misc{cryptoeprint:2017/501,
author = {Felix Günther and Sogol Mazaheri},
title = {A Formal Treatment of Multi-key Channels},
howpublished = {Cryptology ePrint Archive, Paper 2017/501},
year = {2017},
doi = {10.1007/978-3-319-63697-9_20},
note = {\url{https://eprint.iacr.org/2017/501}},
url = {https://eprint.iacr.org/2017/501}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.