Key Exchange and Authenticated Key Exchange with Reusable Keys Based on RLWE Assumption

Jintai Ding University of Cincinnati Pedro Branco SQIG-IT; IST-Universidade de Lisboa Kevin Schmitt University of Cincinnati

TBD mathscidoc:2207.43126

IACR Cryptol. ePrint Arch., 2019.6
Key Exchange (KE) is, undoubtedly, one of the most used cryptographic primitives in practice. Its authenticated version, Authenticated Key Exchange (AKE), avoids man-in-the-middle-based attacks by providing authentication for both parties involved. It is widely used on the Internet, in protocols such as TLS or SSH. In this work, we provide new constructions for KE and AKE based on ideal lattices in the Random Oracle Model (ROM). The contributions of this work can be summarized as follows: 1) It is well-known that RLWE-based KE protocols are not robust for key reuses since the signal function leaks information about the secret key. We modify the design of previous RLWE-based KE schemes to allow key reuse in the ROM. Our construction makes use of a new technique called pasteurization which enforces a supposedly RLWE sample sent by the other party to be indeed indistinguishable from a uniform sample and, therefore, ensures no information leakage in the whole KE process. 2) We build a new AKE scheme based on the construction above. The scheme provides implicit authentication (that is, it does not require the use of any other authentication mechanism, like a signature scheme) and it is proven secure in the Bellare-Rogaway model with weak Perfect Forward Secrecy in the ROM. It improves previous designs for AKE schemes based on lattices in several aspects. Our construction just requires sampling from only one discrete Gaussian distribution and avoids rejection sampling and noise flooding techniques, unlike previous proposals (Zhang et al., EUROCRYPT 2015). Thus, the scheme is much more efficient than previous constructions in terms of computational and communication complexity. Since our constructions are provably secure assuming the hardness of the RLWE problem, they are considered to be robust against quantum adversaries and, thus, suitable for post-quantum applications.
No keywords uploaded!
[ Download ] [ 2022-07-22 17:30:42 uploaded by dingjt ] [ 27 downloads ] [ 0 comments ]
  title={Key Exchange and Authenticated Key Exchange with Reusable Keys Based on RLWE Assumption},
  author={Jintai Ding, Pedro Branco, and Kevin Schmitt},
  booktitle={IACR Cryptol. ePrint Arch.},
Jintai Ding, Pedro Branco, and Kevin Schmitt. Key Exchange and Authenticated Key Exchange with Reusable Keys Based on RLWE Assumption. 2019. In IACR Cryptol. ePrint Arch..
Please log in for comment!
Contact us: | Copyright Reserved