Designing efficient authenticated key exchange resilient to leakage of ephemeral secret keys

Abstract

We investigate a sufficient condition for constructing authenticated key exchange (AKE) protocols which satisfy security in the extended Canetti-Krawczyk (eCK) model proposed by LaMacchia, Lauter and Mityagin. To the best of our knowledge, this is the first approach for providing secure protocols based on the condition. With this condition, we propose a construction of two-pass AKE protocols, and the resulting two-pass AKE protocols are constructed with a single static key and a single ephemeral. In addition, the security proof does not require the Forking Lemma, which degrades the security of a protocol relative to the security of the underlying problem where it is used in the security proof. Therefore, these imply that the protocols constructed with the condition have an advantage in efficiency such as sizes of storage and communication data. The security of the resulting protocols is proved under the gap Diffie-Hellman assumption in the random oracle model. © 2011 Springer-Verlag Berlin Heidelberg.