Paper 2022/382

Witness-Authenticated Key Exchange Revisited: Improved Models, Simpler Constructions, Extensions to Groups

Matteo Campanelli, Rosario Gennaro, Kelsey Melissaris, and Luca Nizzardo


We revisit the notion of Witness Authenticated Key Exchange ($\mathsf{WAKE}$) where a party can be authenticated through a generic witness to an $\mathsf{NP}$ statement. We point out shortcomings of previous definitions, protocols and security proofs in Ngo et al. (Financial Cryptography 2021) for the (unilaterally-authenticated) two-party case. In order to overcome these limitations we introduce new models and protocols, including the first definition in literature of group witness-authenticated key exchange. We provide simple constructions based on (succinct) signatures of knowledge. Finally, we discuss their concrete performance for several practical applications in highly decentralized networks.

Cryptographic protocols
Publication info
Preprint. MINOR revision.
key agreement, signatures of knowledge, witness encryption
Contact author(s)
matteo @ protocol ai
kelseymelissaris @ gmail com
luca nizzardo @ protocol ai
rosario gennaro @ protocol ai
2022-03-28: received
Creative Commons Attribution


      author = {Matteo Campanelli and Rosario Gennaro and Kelsey Melissaris and Luca Nizzardo},
      title = {Witness-Authenticated Key Exchange Revisited: Improved Models, Simpler Constructions, Extensions to Groups},
      howpublished = {Cryptology ePrint Archive, Paper 2022/382},
      year = {2022},
      note = {\url{}},
      url = {}