DOI: 10.1145/3659467.3659903
Research article, ASIA CCS conference proceedings

Tightly Secure ID-based Authenticated Key Exchange

Published: 01 July 2024

Abstract

At CRYPTO 2021, Han et al. proposed a PKI-based authenticated key exchange (AKE) scheme that achieves tight security in the standard model by using a KEM and a digital signature scheme with multi-user security as building blocks. By contrast, no tightly secure ID-based AKE (ID-AKE) scheme is known. ID-AKE has the advantage that certificate management is unnecessary, since authentication can be based on a party's public ID, such as an e-mail address. In this paper, we propose the first tightly secure ID-AKE scheme in the standard model. First, we extend the security model of Han et al.'s PKI-based AKE to a security model for ID-AKE. Next, we introduce a generic construction with a multi-user secure KEM and an ID-based signature (IBS) as building blocks and prove its tight security in our security model. To instantiate the underlying IBS, we also revisit the security proof of the existing generic construction of tightly secure IBS proposed by Lee et al.; we point out a problem in their proof and correct it by strengthening an assumption. As an instantiation of our scheme, a tightly secure ID-AKE scheme under the MDDH assumption can be realized in the standard model.

References

[1] Han, S., Jager, T., Kiltz, E., Liu, S., Pan, J., Riepel, D., Schäge, S.: Authenticated key exchange and signatures with tight security in the standard model. CRYPTO 2021, pp. 670–700, 2021.
[2] Liu, X., Liu, S., Gu, D., Weng, J.: Two-pass authenticated key exchange with explicit authentication and tight security. ASIACRYPT 2020, pp. 785–814, 2020.
[3] Li, Y., Schäge, S.: No-match attacks and robust partnering definitions: Defining trivial attacks for security protocols is not trivial. ACM CCS 2017, pp. 1343–1360, 2017.
[4] Han, S., Liu, S., Lyu, L., Gu, D.: Tight leakage-resilient CCA-security from quasi-adaptive hash proof system. CRYPTO 2019, pp. 417–447, 2019.
[5] Lee, Y., Park, J.H., Lee, K., Lee, D.H.: Tight security for the generic construction of identity-based signature (in the multi-instance setting). Theoretical Computer Science 847, pp. 122–133, 2020.
[6] Bader, C., Hofheinz, D., Jager, T., Kiltz, E., Li, Y.: Tightly-secure authenticated key exchange. TCC 2015, pp. 629–658, 2015.
[7] Gjøsteen, K., Jager, T.: Practical and tightly-secure digital signatures and authenticated key exchange. CRYPTO 2018, pp. 95–125, 2018.
[8] Jager, T., Kiltz, E., Riepel, D., Schäge, S.: Tightly-secure authenticated key exchange, revisited. EUROCRYPT 2021, pp. 17–146, 2021.
[9] Diemert, D., Jager, T.: On the tight security of TLS 1.3: Theoretically-sound cryptographic parameters for real-world deployments. Journal of Cryptology 34(3), pp. 1–57, 2021.
[10] Davis, H., Günther, F.: Tighter proofs for the SIGMA and TLS 1.3 key exchange protocols. ACNS 2021, pp. 448–479, 2021.
[11] Pan, J., Wagner, B.: Short identity-based signatures with tight security from lattices. PQCrypto 2021, pp. 360–379, 2021.
[12] Chen, L., Cheng, Z., Smart, N.P.: Identity-based key agreement protocols from pairings. International Journal of Information Security 6(4), pp. 213–241, 2007.
[13] Huang, H., Cao, Z.: An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem. ASIACCS 2009, pp. 333–342, 2009.
[14] Fiore, D., Gennaro, R.: Making the Diffie-Hellman protocol identity-based. CT-RSA 2010, pp. 165–178, 2010.
[15] Escala, A., Herold, G., Kiltz, E., Ráfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. Journal of Cryptology 30(1), pp. 242–288, 2017.
[16] Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. PKC 2003, Springer, pp. 130–144, 2003.
[17] Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. EUROCRYPT 2004, Springer, pp. 268–286, 2004.
[18] Fukumitsu, M., Hasegawa, S.: A Galindo-Garcia-like identity-based signature with tight reduction. Fifth International Symposium on Computing and Networking (CANDAR), IEEE, pp. 87–93, 2017.
[19] Zhang, X., Liu, S., Gu, D., Liu, J.K.: A generic construction of tightly secure signatures in the multi-user setting. Theoretical Computer Science 775, pp. 32–52, 2019.
[20] Pan, J., Wagner, B., Zeng, R.: Lattice-based authenticated key exchange with tight security. CRYPTO 2023, pp. 616–647, 2023.
[21] Du, X., Wang, Y., Ge, J.: ID-based authenticated two round multi-party key agreement. Cryptology ePrint Archive, 2003.
[22] Wang, S.B., Cao, Z.F., Dong, X.L.: Provably secure identity-based key exchange protocols in the standard model. Chinese Journal of Computers 30(10), pp. 842–1852, 2007.
[23] Günther, C.G.: An identity-based key-exchange protocol. EUROCRYPT '89, Springer, pp. 29–37, 1990.
[24] Chia, J., Chin, J.J., Yip, S.C.: Digital signature schemes with strong existential unforgeability. F1000Research 10, 931, pp. 1–13, 2021.
[25] Tomida, J., Fujioka, A., Nagai, A., Suzuki, K.: Strongly secure identity-based key exchange with single pairing operation. ESORICS 2019 (2), pp. 484–503, 2019.
[26] Abdalla, M., Fouque, P.A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005, 2005.
[27] Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. 38th FOCS, IEEE Computer Society Press, pp. 458–467, Oct. 1997.
[28] Blazy, O., Kakvi, S.A., Kiltz, E., Pan, J.: Tightly-secure signatures from chameleon hash functions. PKC 2015, pp. 256–279, 2015.
[29] Teranishi, I., Oyama, T., Ogata, W.: General conversion for obtaining strongly existentially unforgeable signatures. INDOCRYPT 2006, LNCS, pp. 191–205, 2006.
[30] Libert, B., Quisquater, J.J.: The exact security of an identity based signature and its applications. Cryptology ePrint Archive, Paper 2004/102, 2004.
[31] Fukumitsu, M., Hasegawa, S.: Toward tight security of the Galindo–Garcia identity-based signature. Interdisciplinary Information Sciences 29(2), pp. 99–108, 2023.
[32] Chen, J., Jo, H., Sato, S., Shikata, J.: Tightly secure identity-based signature scheme from isogenies. PQCrypto 2023, pp. 141–163, 2023.
[33] Chen, L., Kudla, C.: Identity based authenticated key agreement protocols from pairings. 16th IEEE Computer Security Foundations Workshop, pp. 219–233, 2003.
[34] Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. Symposium on Cryptography and Information Security (SCIS 2000), Okinawa, Japan, pp. 26–28, Jan. 2000.
[35] Galindo, D., Garcia, F.: A Schnorr-like lightweight identity-based signature scheme. AFRICACRYPT 2009, LNCS 5580, Springer, pp. 135–148, 2009.
[36] Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. 1st ACM Conference on Computer and Communications Security (CCS 1993), pp. 62–73, 1993.
[37] LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. ProvSec 2007, LNCS 4784, Springer, pp. 1–16, 2007.

Published In

APKC '24: Proceedings of the 11th ACM Asia Public-Key Cryptography Workshop
July 2024, 67 pages
DOI: 10.1145/3659467
Editors: Keisuke Hara, Daiki Miyahara
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. ID-based Key Exchange
  2. ID-based Signature
  3. tight security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • JSPS KAKENHI

Conference

ASIA CCS '24

Acceptance Rates

Overall Acceptance Rate 36 of 103 submissions, 35%
