Navigationsweiche Anfang

Navigationsweiche Ende

Select language

IT Security and Cryptography

Prof. Dr.-Ing. Tibor Jager


    The paper "Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!" was... [more]
  • 2 Accepted Papers at Asiacrypt 2021
    Two research papers from our chair were accepted to the 27th Annual International Conference on the... [more]
  • PhD Defense: Dr.-Ing. Peter Chvojka
    Dr.-Ing. Peter Chvojka successfully defended his PhD thesis "Time Reveals The Truth - More Efficient... [more]
  • Kai Gellert appointed to a tenured position
    Kai Gellert was appointed to a tenured position (Akademischer Rat) with effect from April 2. [more]
  • Tibor Jager invited to the program committee of the IEEE Security and Privacy 2022 conference
    The IEEE Security and Privacy conference ("Oakland") ist the flagship conference of IEEE in IT... [more]
go to Archive ->

Accepted paper at EUROCRYPT 2021

The paper "Tightly-Secure Authenticated Key Exchange, Revisited" was accepted to EUROCRYPT 2021, one of the international flagship conferences in cryptology.

This paper is joint work of Eike Kiltz, Doreen Riepel and Sven Schäge (Ruhr-Universität Bochum) and Tibor Jager.

We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both from the standard DDH assumption and a subgroup assumption over RSA groups. These protocols can be deployed with optimal parameters, independent of the number of users or sessions, without the need to compensate a security loss with increased parameters and thus decreased computational efficiency. We use the standard “Single-Bit-Guess” AKE security (with forward secrecy and state corruption) requiring all challenge keys to be simultaneously pseudo-random. In contrast, most previous papers on tightly secure AKE protocols (Bader et al., TCC 2015; Gjøsteen and Jager, CRYPTO 2018; Liu et al., ASIACRYPT 2020) concentrated on a non-standard “Multi-Bit-Guess” AKE security which is known not to compose tightly with symmetric primitives to build a secure communication channel. Our key technical contribution is a new generic approach to construct tightly-secure AKE protocols based on non-committing key encapsulation mechanisms. The resulting DDH-based protocols are considerably more efficient than all previous constructions.