Paper 2022/1217

Privacy-Preserving Authenticated Key Exchange in the Standard Model

You Lyu
Shengli Liu
Shuai Han
Dawu Gu

Privacy-Preserving Authenticated Key Exchange (PPAKE) provides protection both for the session keys and the identity information of the involved parties. In this paper, we introduce the concept of robustness into PPAKE. Robustness enables each user to confirm whether itself is the target recipient of the first round message in the protocol. With the help of robustness, a PPAKE protocol can successfully avoid the heavy redundant communications and computations caused by the ambiguity of communicants in the existing PPAKE, especially in broadcast channels. We propose a generic construction of robust PPAKE from key encapsulation mechanism (KEM), digital signature (SIG), message authentication code (MAC), pseudo-random generator (PRG) and symmetric encryption (SE). By instantiating KEM, MAC, PRG from the DDH assumption and SIG from the CDH assumption, we obtain a specific robust PPAKE scheme in the standard model, which enjoys forward security for session keys, explicit authentication and forward privacy for user identities. Thanks to the robustness of our PPAKE, the number of broadcast messages per run and the computational complexity per user are constant, and in particular, independent of the number of users in the system.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2022
Authenticated key exchange Privacy Robustness
Contact author(s)
vergil @ sjtu edu cn
slliu @ sjtu edu cn
dalen17 @ sjtu edu cn
dwgu @ sjtu edu cn
2022-09-15: approved
2022-09-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {You Lyu and Shengli Liu and Shuai Han and Dawu Gu},
      title = {Privacy-Preserving Authenticated Key Exchange in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1217},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.