Cryptology ePrint Archive: Report 2020/1088

Two-Pass Authenticated Key Exchange with Explicit Authentication and Tight Security

Xiangyu Liu; Shengli Liu; Dawu Gu; Jian Weng

Abstract: We propose a generic construction of a 2-pass authenticated key exchange (AKE) scheme with explicit authentication from key encapsulation mechanism (KEM) and signature (SIG) schemes. We improve the security model due to Gjosteen and Jager [Crypto2018] to a stronger one. In the strong model, if a replayed message is accepted by some user, the authentication of AKE is broken. We define a new security notion named "IND-mCPA with adaptive reveals" for KEM. When the underlying KEM has such security and SIG has unforgeability with adaptive corruptions, our construction of AKE equipped with counters as states is secure in the strong model, and stateless AKE without counters is secure in the traditional model. We also present a KEM possessing tight "IND-mCPA security with adaptive reveals" from the Computational Diffie-Hellman assumption in the random oracle model. When the generic construction of AKE is instantiated with the KEM and the available SIG by Gjosteen and Jager [Crypto2018], we obtain the first practical 2-pass AKE with tight security and explicit authentication. In addition, the integration of the tightly IND-mCCA secure KEM (derived from PKE by Han et al. [Crypto2019]) and the tightly secure SIG by Bader et al. [TCC2015] results in the first tightly secure 2-pass AKE with explicit authentication in the standard model.

Category / Keywords: public-key cryptography / Authenticated key exchange, Tight security, Explicit authentication, Two-pass protocol

Date: received 10 Sep 2020, last revised 8 Oct 2020

Contact author: xiangyu_liu at sjtu edu cn, slliu@sjtu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20201008:073534
