Paper 2023/823
Lattice-based Authenticated Key Exchange with Tight Security
Abstract
We construct the first tightly secure authenticated key exchange (AKE) protocol from lattices. Known tight constructions are all based on Diffie-Hellman-like assumptions. Thus, our protocol is the first construction with tight security from a post-quantum assumption. Our AKE protocol is constructed tightly from a new security notion for key encapsulation mechanisms (KEMs), called one-way security against checkable chosen-ciphertext attacks (OW- ChCCA). We show how an OW-ChCCA secure KEM can be tightly constructed based on the Learning With Errors assumption, leading to the desired AKE protocol. To show the usefulness of OW-ChCCA security beyond AKE, we use it to construct the first tightly bilateral selective-opening (BiSO) secure PKE. BiSO security is a stronger selective-opening notion proposed by Lai et al. (ASIACRYPT 2021).
Note: Minor Editorial Changes
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- A minor revision of an IACR publication in CRYPTO 2023
- Keywords
- Authenticated Key ExchangeLatticesTight SecuritySelective-Opening SecurityRandom Oracle
- Contact author(s)
-
jiaxin pan @ ntnu no
benedikt wagner @ cispa de
runzhi zeng @ ntnu no - History
- 2023-06-07: last of 2 revisions
- 2023-06-02: received
- See all versions
- Short URL
- https://ia.cr/2023/823
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/823, author = {Jiaxin Pan and Benedikt Wagner and Runzhi Zeng}, title = {Lattice-based Authenticated Key Exchange with Tight Security}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/823}, year = {2023}, url = {https://eprint.iacr.org/2023/823} }