### Two-Pass Authenticated Key Exchange with Explicit Authentication and Tight Security

Xiangyu Liu, Shengli Liu, Dawu Gu, and Jian Weng

##### Abstract

We propose a generic construction of a 2-pass authenticated key exchange (AKE) scheme with explicit authentication from key encapsulation mechanism (KEM) and signature (SIG) schemes. We strengthen the security model of Gjøsteen and Jager [Crypto2018]. In the strong model, if a replayed message is accepted by some user, the authentication of the AKE is broken. We define a new security notion for KEM named "IND-mCPA with adaptive reveals". When the underlying KEM satisfies this notion and the SIG is unforgeable under adaptive corruptions, our AKE construction equipped with counters as state is secure in the strong model, and the stateless AKE without counters is secure in the traditional model. We also present a KEM with tight "IND-mCPA security with adaptive reveals" from the Computational Diffie-Hellman assumption in the random oracle model. When the generic AKE construction is instantiated with this KEM and the available SIG by Gjøsteen and Jager [Crypto2018], we obtain the first practical 2-pass AKE with tight security and explicit authentication. In addition, combining the tightly IND-mCCA secure KEM (derived from the PKE by Han et al. [Crypto2019]) with the tightly secure SIG by Bader et al. [TCC2015] yields the first tightly secure 2-pass AKE with explicit authentication in the standard model.

Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Authenticated key exchange, Tight security, Explicit authentication, Two-pass protocol
Contact author(s)
xiangyu_liu @ sjtu edu cn
slliu @ sjtu edu cn
History
2020-10-08: revised
Short URL
https://ia.cr/2020/1088

CC BY

BibTeX

@misc{cryptoeprint:2020/1088,
author = {Xiangyu Liu and Shengli Liu and Dawu Gu and Jian Weng},
title = {Two-Pass Authenticated Key Exchange with Explicit Authentication and Tight Security},
howpublished = {Cryptology ePrint Archive, Paper 2020/1088},
year = {2020},
note = {\url{https://eprint.iacr.org/2020/1088}},
url = {https://eprint.iacr.org/2020/1088}
}
