Paper 2019/965

Beyond Security and Efficiency: On-Demand Ratcheting with Security Awareness

Andrea Caforio, F Betül Durak, and Serge Vaudenay


Secure asynchronous two-party communication applies ratcheting to strengthen privacy, in the presence of internal state exposures. Security with ratcheting is provided in two forms: forward security and post-compromise security. There have been several such secure protocols proposed in the last few years. However, they come with a high cost. In this paper, we propose two generic constructions with favorable properties. Concretely, our first construction achieves security awareness. It allows users to detect non-persistent active attacks, to determine which messages are not safe given a potential leakage pattern, and to acknowledge for deliveries. In our second construction, we define a hybrid system formed by combining two protocols: typically, a weakly secure "light" protocol and a strongly secure "heavy" protocol. The design goals of our hybrid construction are, first, to let the sender decide which one to use in order to obtain an efficient protocol with ratchet on demand; and second, to restore the communication between honest participants in the case of a message loss or an active attack. We can apply our generic constructions to any existing protocol.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in PKC 2021
secure communicationpost-compromise securityratchet
Contact author(s)
serge vaudenay @ epfl ch
durakfbetul @ gmail com
andrea caforio @ epfl ch
2021-05-10: last of 3 revisions
2019-08-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andrea Caforio and F Betül Durak and Serge Vaudenay},
      title = {Beyond Security and Efficiency: On-Demand Ratcheting with Security Awareness},
      howpublished = {Cryptology ePrint Archive, Paper 2019/965},
      year = {2019},
      doi = {10.1007/978-3-030-75248-4_23},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.