
Paper 2019/665

Key Exchange and Authenticated Key Exchange with Reusable Keys Based on RLWE Assumption

Jintai Ding, Pedro Branco, and Kevin Schmitt

Abstract

Key Exchange (KE) is, undoubtedly, one of the most used cryptographic primitives in practice. Its authenticated version, Authenticated Key Exchange (AKE), prevents man-in-the-middle attacks by providing authentication for both parties involved. It is widely used on the Internet, in protocols such as TLS or SSH. In this work, we provide new constructions for KE and AKE based on ideal lattices in the Random Oracle Model (ROM). The contributions of this work can be summarized as follows: 1) It is well known that RLWE-based KE protocols are not robust to key reuse, since the signal function leaks information about the secret key. We modify the design of previous RLWE-based KE schemes to allow key reuse in the ROM. Our construction makes use of a new technique called pasteurization, which forces a supposed RLWE sample sent by the other party to be indistinguishable from a uniform sample and, therefore, ensures no information leakage in the whole KE process. 2) We build a new AKE scheme based on the construction above. The scheme provides implicit authentication (that is, it does not require any other authentication mechanism, such as a signature scheme) and is proven secure in the Bellare-Rogaway model with weak Perfect Forward Secrecy in the ROM. It improves on previous lattice-based AKE designs in several aspects. Our construction requires sampling from only one discrete Gaussian distribution and avoids rejection sampling and noise flooding techniques, unlike previous proposals (Zhang et al., EUROCRYPT 2015). Thus, the scheme is much more efficient than previous constructions in terms of computational and communication complexity. Since our constructions are provably secure assuming the hardness of the RLWE problem, they are considered robust against quantum adversaries and, thus, suitable for post-quantum applications.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Authenticated Key Exchange, RLWE, key reuse
Contact author(s)
pmbranco @ math tecnico ulisboa pt
History
2019-06-06: received
Short URL
https://ia.cr/2019/665
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/665,
      author = {Jintai Ding and Pedro Branco and Kevin Schmitt},
      title = {Key Exchange and Authenticated Key Exchange with Reusable Keys Based on RLWE Assumption},
      howpublished = {Cryptology ePrint Archive, Paper 2019/665},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/665}},
      url = {https://eprint.iacr.org/2019/665}
}