Paper 2021/607

Signed (Group) Diffie-Hellman Key Exchange with Tight Security

Jiaxin Pan, Chen Qian, and Magnus Ringerud


We propose the first tight security proof for the ordinary two-message signed Diffie-Hellman key exchange protocol in the random oracle model. Our proof is based on the strong computational Diffie-Hellman assumption and the multi-user security of a digital signature scheme. With our security proof, the signed DH protocol can be deployed with optimal parameters, independent of the number of users or sessions, without the need to compensate any security loss. We abstract our approach with a new notion called verifiable key exchange. In contrast to a known tight three-message variant of the signed Diffie-Hellman protocol (Gjøsteen and Jager, CRYPTO 2018), we do not require any modification to the original protocol, and our tightness result is proven in the ``Single-Bit-Guess'' model which we know can be tightly composed with symmetric cryptographic primitives to establish a secure channel. Finally, we extend our approach to the group setting and construct the first tightly secure group authenticated key exchange protocol.

Note: This is the extended, full version of the paper published at CT-RSA 2021.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision.CT-RSA 2021
Authenticated key exchangegroup key exchangesigned Diffie-Hellmantight security.
Contact author(s)
magnus ringerud @ ntnu no
2021-11-10: last of 2 revisions
2021-05-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jiaxin Pan and Chen Qian and Magnus Ringerud},
      title = {Signed (Group) Diffie-Hellman Key Exchange with Tight Security},
      howpublished = {Cryptology ePrint Archive, Paper 2021/607},
      year = {2021},
      doi = {10.1007/978-3-030-75539-3_9},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.