Paper 2019/088
Continuous Key Agreement with Reduced Bandwidth
Nir Drucker and Shay Gueron
Abstract
Continuous Key Agreement (CKA) is a two-party procedure used by Double Ratchet protocols (e. g., Signal). This is a continuous and synchronous protocol that generates a fresh key for every sent/received message. It guarantees forward secrecy and Post-Compromise Security (PCS). PCS allows for reestablishing the security within a few rounds after the state of one of the parties has been compromised. Alwen et al. have recently proposed a new KEM-based CKA construction where every message contains a ciphertext and a fresh public key. This can be made quantum-safe by deploying a quantum-safe KEM. They mention that the bandwidth can be reduced when using an ElGamal KEM (which is not quantum-safe). In this paper, we generalized their approach by defining a new primitive, namely Merged KEM (MKEM). This primitive merges the key generation and the encapsulation steps of a KEM. This is not possible for every KEM and we discuss cases where a KEM can be converted to an MKEM. One example is the quantum-safe proposal BIKE1, where the BIKE-MKEM saves 50% of the communication bandwidth, compared to the original construction. In addition, we offer the notion and two constructions for hybrid CKA.
Metadata
- Available format(s)
-
PDF
- Publication info
- Preprint. MINOR revision.
- Keywords
- Double Ratchet ProtocolContinuous Key AgreementPost Quantum CryptographyCode-based CryptographyBIKE
- Contact author(s)
-
drucker nir @ gmail com
shay gueron @ gmail com - History
- 2019-01-28: received
- Short URL
- https://ia.cr/2019/088
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/088,
author = {Nir Drucker and Shay Gueron},
title = {Continuous Key Agreement with Reduced Bandwidth},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/088},
year = {2019},
url = {https://eprint.iacr.org/2019/088}
}
