Paper 2025/1521

Universally Composable Subversion-Resilient Authenticated Key Exchange

Jiahao Liu, National University of Defense Technology
Yi Wang, National University of Defense Technology
Rongmao Chen, National University of Defense Technology
Xinyi Huang, Jinan University
Jinshu Su, Academy of Military Science
Moti Yung, Google LLC & Columbia University
Abstract

Subversion-resilient cryptography has garnered increasing attention in recent years due to growing concerns about cryptographic subversions in real-world applications. Among the existing countermeasures, the notion of cryptographic reverse firewalls (RFs), initially proposed by Mironov and Stephens-Davidowitz (EUROCRYPT 2015) and later extended by Chakraborty et al. (EUROCRYPT 2022) to the universally composable (UC) model, has proven to be a powerful tool for building subversion-resilient cryptographic protocols. In this work, we focus on designing subversion-resilient authenticated key exchange (AKE) protocols, which are critical components of secure Internet communication. We present the f irst generic framework for subversion-resilient UC-secure AKE protocols leveraging RFs. In spired by the state-of-the-art advancements by Chakraborty et al. (ASIACRYPT 2024), we address subversions: where a party’s implementation is covertly altered to exfiltrate secrets or behave unpredictably when triggered by adversarial inputs. A key contribution of our work is the introduction of a new AKE functionality which, for the first time, incorporates security against key control, an essential aspect of achieving subversion resilience. We also provide a concrete instantiation of our framework, demonstrating its feasibility in practice. Notably, the RFs in our proposed AKE protocol are transparent, an important property of RF as defined originally, which allows deployment of RF without all parties explicitly knowing about it and allows robust security. Achieving transparency for RFs has been widely regarded as challenging, particularly when addressing broader subversion attacks (e.g., input-trigger attacks) in the UC model. Our approach, thus, not only advances the state of AKE protocol design, but also offers insights into building other subversion-resilient protocols in the UC model using transparent RFs.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2025
Keywords
authentiated key exchangesubversion resilienceuniversal composability
Contact author(s)
liujiahao14 @ nudt edu cn
wangyi14 @ nudt edu cn
chromao @ nudt edu cn
xyhuang81 @ gmail com
sjs @ nudt edu cn
motiyung @ gmail com
History
2025-08-28: approved
2025-08-25: received
See all versions
Short URL
https://ia.cr/2025/1521
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/1521,
      author = {Jiahao Liu and Yi Wang and Rongmao Chen and Xinyi Huang and Jinshu Su and Moti Yung},
      title = {Universally Composable Subversion-Resilient Authenticated Key  Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1521},
      year = {2025},
      url = {https://eprint.iacr.org/2025/1521}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.