Navigationsweiche Anfang

Navigationsweiche Ende

Select language

IT Security and Cryptography


Prof. Dr.-Ing. Tibor Jager

News

  • 4 Accepted Papers at PKC 2021
    Last week, four papers have been accepted to the 24th International Conference on Practice and... [more]
  • Accepted paper at EUROCRYPT 2021
    The paper "Tightly-Secure Authenticated Key Exchange, Revisited" was accepted to EUROCRYPT 2021, one... [more]
  • Accepted Paper to the Journal of Cryptology
    The research paper "Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT"... [more]
  • GDD Science Award for Kai Gellert
    Dr.-Ing. Kai Gellert was awarded this year's science award from the Society for Data Protection and... [more]
  • Tibor Jager joins the program committee of ESORICS 2021
    ESORICS 2021 is the 26th European Symposium on Research in Computer Security. [more]
go to Archive ->

Accepted paper at EUROCRYPT 2021

The paper "Tightly-Secure Authenticated Key Exchange, Revisited" was accepted to EUROCRYPT 2021, one of the international flagship conferences in cryptology.

This paper is joint work of Eike Kiltz, Doreen Riepel and Sven Schäge (Ruhr-Universität Bochum) and Tibor Jager.


Abstract:
We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both from the standard DDH assumption and a subgroup assumption over RSA groups. These protocols can be deployed with optimal parameters, independent of the number of users or sessions, without the need to compensate a security loss with increased parameters and thus decreased computational efficiency. We use the standard “Single-Bit-Guess” AKE security (with forward secrecy and state corruption) requiring all challenge keys to be simultaneously pseudo-random. In contrast, most previous papers on tightly secure AKE protocols (Bader et al., TCC 2015; Gjøsteen and Jager, CRYPTO 2018; Liu et al., ASIACRYPT 2020) concentrated on a non-standard “Multi-Bit-Guess” AKE security which is known not to compose tightly with symmetric primitives to build a secure communication channel. Our key technical contribution is a new generic approach to construct tightly-secure AKE protocols based on non-committing key encapsulation mechanisms. The resulting DDH-based protocols are considerably more efficient than all previous constructions.