Paper 2021/863

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Shuai Han, Tibor Jager, Eike Kiltz, Shengli Liu, Jiaxin Pan, Doreen Riepel, and Sven Schäge


We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only “Multi-Bit-Guess” security, which is not known to compose tightly, for instance, to build a secure channel. Our constructions are generic, based on digital signatures and key encapsulation mechanisms (KEMs). The main technical challenges we resolve is to determine suitable KEM security notions which on the one hand are strong enough to yield tight security, but at the same time weak enough to be efficiently instantiable in the standard model, based on standard techniques such as universal hash proof systems. Digital signature schemes with tight multi-user security in presence of adaptive corruptions are a central building block, which is used in all known constructions of tightly-secure AKE with full forward security. We identify a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015). We develop a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2021
Authenticated key exchangedigital signaturestightness
Contact author(s)
dalen17 @ sjtu edu cn
tibor jager @ uni-wuppertal de
eike kiltz @ rub de
slliu @ sjtu edu cn
jiaxin pan @ ntnu no
doreen riepel @ rub de
sven schaege @ rub de
2021-06-24: received
Short URL
Creative Commons Attribution


      author = {Shuai Han and Tibor Jager and Eike Kiltz and Shengli Liu and Jiaxin Pan and Doreen Riepel and Sven Schäge},
      title = {Authenticated Key Exchange and Signatures with Tight Security in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2021/863},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.