Abstract | ||
---|---|---|
Tightly secure authenticated key exchange (AKE), whose security is independent from the number of users and sessions (tight security), has been studied by Bader et al. [TCC 2015] and Gjosteen-Jager [CRYPTO 2018] in the Bellare-Rogaway (BR) model. However, how to achieve tight security in stronger models (e.g., the Canetti-Krawczyk (CK) model and the extended Canetti-Krawczyk (eCK) model) were still left as an open problem by now.In this paper, we investigate this problem in the CK model. We start from a generic construction [ACISP 2008] based on key encapsulated mechanisms (KEMs). We analyze the reason why it cannot achieve tight reduction, by merely assuming the underlying KEMs are secure in the multi-user and multi-challenge setting with corruption as Bader et al. [TCC 2015] and Gjosteen-Jager [CRYPTO 2018] did. Then we put forward a new generic construction to overcome the potential obstacles.In addition, we introduce a strong type of chosen ciphertext attack in the multi-user and multi-challenge setting with corruption for tagbased key encapsulated mechanism (TB-KEM), where adversaries are not only allowed to adaptively corrupt secret keys of users, generate multi-challenges with different coins, and open some challenges as well. We further prove that the Naor-Yung transform also works in this model, hence our generic construction can be instantiated. |
Year | DOI | Venue |
---|---|---|
2020 | 10.1007/978-3-030-40186-3_9 | TOPICS IN CRYPTOLOGY, CT-RSA 2020 |
Keywords | DocType | Volume |
Tight security, Authenticated key exchange, The CK model, Multi-user, Multi-challenge, Corruption | Conference | 12006 |
ISSN | Citations | PageRank |
0302-9743 | 0 | 0.34 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yuting Xiao | 1 | 2 | 1.04 |
Rui Zhang | 2 | 7 | 5.87 |
Hui Ma | 3 | 20 | 4.05 |