Navigationsweiche Anfang

Navigationsweiche Ende

Sprache wählen

IT Security and Cryptography

Prof. Dr.-Ing. Tibor Jager


    Das Paper "Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!" wurde... [mehr]
  • 2 Accepted Paper auf der Asiacrypt 2021
    Zwei Forschungspapiere unseres Lehrstuhl wurden zur 27th Annual International Conference on the... [mehr]
  • Promotionsprüfung: Dr.-Ing. Peter Chvojka
    Dr.-Ing. Peter Chvojka hat am 25. Juni 2021 seine Promotionsprüfung zum Thema Time Reveals The Truth... [mehr]
  • Kai Gellert zum Akademischen Rat ernannt
    Kai Gellert wurde mit Wirkung zum 02. April zum Akademischen Rat ernannt. [mehr]
  • Tibor Jager im Programmkommittee der IEEE Security and Privacy 2022 Konferenz
    Die IEEE Security and Privacy Konferenz ("Oakland") ist die Flaggschiff-Konferenz der IEEE im... [mehr]
zum Archiv ->

Accepted paper at EUROCRYPT 2021

The paper "Tightly-Secure Authenticated Key Exchange, Revisited" was accepted to EUROCRYPT 2021, one of the international flagship conferences in cryptology.



This paper is joint work of Eike Kiltz, Doreen Riepel and Sven Schäge (Ruhr-Universität Bochum) and Tibor Jager.



We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both from the standard DDH assumption and a subgroup assumption over RSA groups. These protocols can be deployed with optimal parameters, independent of the number of users or sessions, without the need to compensate a security loss with increased parameters and thus decreased computational efficiency. We use the standard “Single-Bit-Guess” AKE security (with forward secrecy and state corruption) requiring all challenge keys to be simultaneously pseudo-random. In contrast, most previous papers on tightly secure AKE protocols (Bader et al., TCC 2015; Gjøsteen and Jager, CRYPTO 2018; Liu et al., ASIACRYPT 2020) concentrated on a non-standard “Multi-Bit-Guess” AKE security which is known not to compose tightly with symmetric primitives to build a secure communication channel. Our key technical contribution is a new generic approach to construct tightly-secure AKE protocols based on non-committing key encapsulation mechanisms. The resulting DDH-based protocols are considerably more efficient than all previous constructions.