Security Model for Authenticated Key Exchange, Reconsidered

  • Conference paper
  • Security and Cryptography for Networks (SCN 2024)

Abstract

Authenticated key exchange (AKE) is a fundamental cryptographic protocol that establishes a secure channel over the Internet. Security for AKE is defined as a game between an adversary and a challenger. In particular, partners and freshness of a session are used to identify trivial attacks by the adversary. Roughly, partners are instances that derive the same session key, and freshness determines whether the adversary’s behavior constitutes a trivial attack. In this work, we reconsider security definitions for AKE and point out the shortcomings of the conventional definitions of partners and freshness. We then propose a new, robust, and strong security definition. First, we propose a new definition of partners based on round identifiers. Second, we propose a new freshness definition that captures more non-trivial attacks than the conventional ones. We introduce a new notion of miscommunicators to identify the adversary’s behavior more accurately than conventional definitions do. This allows, for example, the behavior of sending the first message as-is and tampering with the second message to be viewed as a non-trivial attack, whereas it was considered a trivial attack in conventional definitions. Our new security definition is strictly stronger than the conventional one. As evidence of this, we provide a new construction of AKE that is secure under the conventional definition but insecure under the new definition.

Notes

  1. For simplicity, here we assume that each party interacts only with one peer party.

  2. Brendel et al. [4] do not name this relation, but use it in the definition of freshness. We give it the name “potential partner”, a generalized notion of the “partial matching session” used in, e.g., [14].

  3. Matching session uses this definition of the function \(\textsf{F}_{k}\).

  4. We assume \(\textsf{MAC}\) has perfect correctness.

  5. \(\textsf{AKEM}'\) defined in the previous section does not satisfy \(\textsf{IND}\text{-}\textsf{CPKA}\) security.

References

  1. Alwen, J., Blanchet, B., Hauck, E., Kiltz, E., Lipp, B., Riepel, D.: Analysing the HPKE standard. In: Canteaut and Standaert [6], pp. 87–116. https://doi.org/10.1007/978-3-030-77870-5_4

  2. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11

  3. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

  4. Brendel, J., Fiedler, R., Günther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the signal handshake. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 3–34. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-030-97131-1_1

  5. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28

  6. Canteaut, A., Standaert, F.X. (eds.): EUROCRYPT 2021, Part I. LNCS, vol. 12696. Springer, Heidelberg (2021)

  7. Cohn-Gordon, K., Cremers, C., Gjøsteen, K., Jacobsen, H., Jager, T.: Highly efficient key exchange protocols with optimal tightness. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 767–797. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_25

  8. de Saint Guilhem, C., Fischlin, M., Warinschi, B.: Authentication in key-exchange: definitions, relations and composition. In: Jia, L., Küsters, R. (eds.) CSF 2020 Computer Security Foundations Symposium, pp. 288–303. IEEE Computer Society Press (2020). https://doi.org/10.1109/CSF49147.2020.00028

  9. Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 467–484. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_28

  10. Han, S., et al.: Authenticated key exchange and signatures with tight security in the standard model. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part IV. LNCS, vol. 12828, pp. 670–700. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_23

  11. Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal’s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 410–440. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_15

  12. Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal’s handshake (X3DH): post-quantum, state leakage secure, and deniable. J. Cryptol. 35(3), 17 (2022). https://doi.org/10.1007/s00145-022-09427-1

  13. Hövelmanns, K., Kiltz, E., Schäge, S., Unruh, D.: Generic authenticated key exchange in the quantum random oracle model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020, Part II. LNCS, vol. 12111, pp. 389–422. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_14

  14. Jager, T., Kiltz, E., Riepel, D., Schäge, S.: Tightly-secure authenticated key exchange, revisited. In: Canteaut and Standaert [6], pp. 117–146. https://doi.org/10.1007/978-3-030-77870-5_5

  15. Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_33

  16. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_1

  17. Li, Y., Schäge, S.: No-match attacks and robust partnering definitions: defining trivial attacks for security protocols is not trivial. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1343–1360. ACM Press (2017). https://doi.org/10.1145/3133956.3134006

  18. Pan, J., Qian, C., Ringerud, M.: Signed Diffie-Hellman key exchange with tight security. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 201–226. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75539-3_9

Acknowledgements

The authors thank the anonymous reviewers of SCN 2024 for their constructive comments and suggestions. Keitaro Hashimoto was partially supported by JST CREST JPMJCR22M1, Japan.

Corresponding author

Correspondence to Keitaro Hashimoto.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Zhang, X., Hashimoto, K., Ogata, W. (2024). Security Model for Authenticated Key Exchange, Reconsidered. In: Galdi, C., Phan, D.H. (eds) Security and Cryptography for Networks. SCN 2024. Lecture Notes in Computer Science, vol 14974. Springer, Cham. https://doi.org/10.1007/978-3-031-71073-5_12

  • DOI: https://doi.org/10.1007/978-3-031-71073-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-71072-8

  • Online ISBN: 978-3-031-71073-5