Cryptology ePrint Archive: Report 2019/088

Continuous Key Agreement with Reduced Bandwidth

Nir Drucker and Shay Gueron

Abstract: Continuous Key Agreement (CKA) is a two-party procedure used by Double Ratchet protocols (e. g., Signal). This is a continuous and synchronous protocol that generates a fresh key for every sent/received message. It guarantees forward secrecy and Post-Compromise Security (PCS). PCS allows for reestablishing the security within a few rounds after the state of one of the parties has been compromised. Alwen et al. have recently proposed a new KEM-based CKA construction where every message contains a ciphertext and a fresh public key. This can be made quantum-safe by deploying a quantum-safe KEM. They mention that the bandwidth can be reduced when using an ElGamal KEM (which is not quantum-safe). In this paper, we generalized their approach by defining a new primitive, namely Merged KEM (MKEM). This primitive merges the key generation and the encapsulation steps of a KEM. This is not possible for every KEM and we discuss cases where a KEM can be converted to an MKEM. One example is the quantum-safe proposal BIKE1, where the BIKE-MKEM saves 50% of the communication bandwidth, compared to the original construction. In addition, we offer the notion and two constructions for hybrid CKA.

Category / Keywords: Double Ratchet Protocol, Continuous Key Agreement, Post Quantum Cryptography, Code-based Cryptography, BIKE

Date: received 27 Jan 2019

Contact author: drucker nir at gmail com, shay gueron at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190128:164335 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]