Paper 2022/1338

Privacy-Preserving Authenticated Key Exchange: Stronger Privacy and Generic Constructions

Sebastian Ramacher, AIT Austrian Institute of Technology
Daniel Slamanig, AIT Austrian Institute of Technology
Andreas Weninger, TU Wien

Authenticated key-exchange (AKE) protocols are an important class of protocols that allow two parties to establish a common session key over an insecure channel such as the Internet to then protect their communication. They are widely deployed in security protocols such as TLS, IPsec and SSH. Besides the confidentiality of the communicated data, an orthogonal but increasingly important goal is the protection of the confidentiality of the identities of the involved parties (aka privacy). For instance, the Encrypted Client Hello (ECH) mechanism for TLS 1.3 has been designed for exactly this reason. Recently, a series of works (Zhao CCS'16, Arfaoui et al. PoPETS'19, Schäge et al. PKC'20) studied privacy guarantees of (existing) AKE protocols by integrating privacy into AKE models. We observe that these so-called privacy-preserving AKE (PPAKE) models are typically strongly tailored to the specific setting, i.e., the concrete protocols they investigate. Moreover, the privacy guarantees in these models might be too weak (or even non-existent) when facing active adversaries. In this work we set the goal to provide a single PPAKE model that captures privacy guarantees against different types of attacks, thereby covering previously proposed notions as well as privacy guarantees not achieved so far. In doing so, we obtain different "degrees" of privacy within a single model, which, in their strongest forms, also capture privacy guarantees against powerful active adversaries. We then proceed to investigate (generic) constructions of AKE protocols that provide strong privacy guarantees in our PPAKE model. This includes classical Diffie-Hellman type protocols as well as protocols based on generic building blocks, thus covering post-quantum instantiations.

Category
Cryptographic protocols
Publication info
Published elsewhere. ESORICS 2021
Keywords
privacy-preserving authenticated key exchange
Contact author(s)
sebastian ramacher @ ait ac at
daniel slamanig @ ait ac at
andreas weninger @ tuwien ac at
History
2022-10-10: approved
2022-10-07: received
License
Creative Commons Attribution


      author = {Sebastian Ramacher and Daniel Slamanig and Andreas Weninger},
      title = {Privacy-Preserving Authenticated Key Exchange: Stronger Privacy and Generic Constructions},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1338},
      year = {2022},
      doi = {10.1007/978-3-030-88428-4_33},
      note = {\url{}},
      url = {}