Cryptology ePrint Archive: Report 2021/863

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Shuai Han and Tibor Jager and Eike Kiltz and Shengli Liu and Jiaxin Pan and Doreen Riepel and Sven Schäge

Abstract: We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only “Multi-Bit-Guess” security, which is not known to compose tightly, for instance, to build a secure channel.

Our constructions are generic, based on digital signatures and key encapsulation mechanisms (KEMs). The main technical challenges we resolve is to determine suitable KEM security notions which on the one hand are strong enough to yield tight security, but at the same time weak enough to be efficiently instantiable in the standard model, based on standard techniques such as universal hash proof systems.

Digital signature schemes with tight multi-user security in presence of adaptive corruptions are a central building block, which is used in all known constructions of tightly-secure AKE with full forward security. We identify a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015). We develop a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.

Category / Keywords: public-key cryptography / Authenticated key exchange, digital signatures, tightness

Original Publication (with major differences): IACR-CRYPTO-2021

Date: received 23 Jun 2021

Contact author: dalen17 at sjtu edu cn, tibor jager at uni-wuppertal de, eike kiltz at rub de, slliu at sjtu edu cn, jiaxin pan at ntnu no, doreen riepel at rub de, sven schaege at rub de

Available format(s): PDF | BibTeX Citation

Version: 20210624:150652 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]