Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange

@inproceedings{Gjsteen2018PracticalAT,
  title={Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange},
  author={Kristian Gj{\o}steen and Tibor Jager},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2018}
}
Tight security is increasingly gaining importance in real-world cryptography, as it allows to choose cryptographic parameters in a way that is supported by a security proof, without the need to sacrifice efficiency by compensating the security loss of a reduction with larger parameters. However, for many important cryptographic primitives, including digital signatures and authenticated key exchange (AKE), we are still lacking constructions that are suitable for real-world deployment. 

Tightly Secure Two-Pass Authenticated Key Exchange Protocol in the CK Model
Tightly secure authenticated key exchange (AKE), whose security is independent from the number of users and sessions (tight security), has been studied by Bader et al. [TCC 2015] and Gjosteen-Jager
Tightly-Secure Authenticated Key Exchange, Revisited
We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both
Authenticated Key Exchange and Signatures with Tight Security in the Standard Model
TLDR
This work identifies a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015), and develops a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.
On the General Construction of Tightly Secure Identity-Based Signature Schemes
TLDR
This paper combines two known signature schemes, providing the possibility of achieving tight security for IBS schemes in the random oracle model, and presents an efficient IBS scheme with tight security as an example.
Signed Diffie-Hellman Key Exchange with Tight Security
TLDR
The first tight security proof for the ordinary two-message signed Diffie-Hellman key exchange protocol in the random oracle model is proposed and the tightness result is proven in the “Single-Bit-Guess” model which the authors know can be tightly composed with symmetric cryptographic primitives to establish a secure channel.
Hierarchical Identity-Based Encryption with Tight Multi-Challenge Security
We construct the first hierarchical identity-based encryption (HIBE) scheme with tight adaptive security in the multi-challenge setting, where adversaries are allowed to ask for ciphertexts for
Tight reduction for generic construction of certificateless signature and tightly-secure scheme without pairing
TLDR
It is shown that their construction can achieve tight security if the underlying signature scheme is existentially unforgeable under adaptive chosen-message attacks in the multi-user setting with adaptive corruptions.
Tightly-secure two-pass authenticated key exchange protocol using twin Diffie-Hellman problem
TLDR
This study proposes a tightly-secure two-pass AKE protocol that uses the twin Diffie–Hellman problem and the ‘re-patch’ trick of random oracles to construct a tight security reduction for their protocol, and provides several security properties such as key-compromise-impersonation security, unknown-key-share security, and weak perfect forward secrecy.
Signed (Group) Diffie-Hellman Key Exchange with Tight Security
TLDR
The first tight security proof for the ordinary two-message signed Diffie-Hellman key exchange protocol in the random oracle model is proposed and the tightness result is proven in the “Single-Bit-Guess” model which the authors know can be tightly composed with symmetric cryptographic primitives to establish a secure channel.
Two-Pass Authenticated Key Exchange with Explicit Authentication and Tight Security
TLDR
This work proposes a generic construction of 2-pass authenticated key exchange (AKE) scheme with explicit authentication from key encapsulation mechanism (KEM) and signature (SIG) schemes and defines a new security notion named “IND-mCPA with adaptive reveals” for KEM.

References

Multi-key Authenticated Encryption with Corruptions: Reductions Are Lossy
TLDR
By appropriate settings of the parameters of the framework, multi-key variants of many of the existing single-key security notions are obtained.
One-Round Key Exchange with Strong Security: An Efficient and Generic Construction in the Standard Model
TLDR
One-round authenticated key exchange (ORKE) is an established research area, with many prominent protocol constructions like HMQV and Naxos, and many slightly different, strong security models.
Tightly-Secure Authenticated Key Exchange
TLDR
This work constructs the first Authenticated Key Exchange (AKE) protocol whose security does not degrade with an increasing number of users or sessions and proves security in an enhanced version of the classical Bellare-Rogaway security model.
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
TLDR
A formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that allows for simple modular proofs of security is presented.
(Hierarchical) Identity-Based Encryption from Affine Message Authentication
TLDR
This work provides a generic transformation from any affine message authentication code (MAC) to an identity-based encryption (IBE) scheme over pairing groups of prime order and shows how to construct affine MACs with a tight security reduction to standard assumptions, providing the first tightly secure IBE in the standard model.
Tightly secure signatures and public-key encryption
We construct the first public-key encryption (PKE) scheme whose chosen-ciphertext (i.e., IND-CCA) security can be proved under a standard assumption and does not degrade in either the number of users
On Formal Models for Secure Key Exchange
V. Shoup. Computer Science, Mathematics. IACR Cryptol. ePrint Arch., 1999.
A new formal security model for session key exchange protocols in the public key setting is proposed, and several efficient protocols are analyzed in this model. The relationship between this new model
Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements
TLDR
It is proved that security in the single-user setting implies security in the multi-user setting as long as the former is interpreted in the strong sense of "indistinguishability," thereby pin-pointing many schemes guaranteed to be secure against Hastad-type attacks.
Entity Authentication and Key Distribution
TLDR
This work provides the first formal treatment of entity authentication and authenticated key distribution appropriate to the distributed environment and presents a definition, protocol, and proof that the protocol meets its goal, assuming only the existence of a pseudorandom function.
Efficient Signatures with Tight Real World Security in the Random-Oracle Model
TLDR
This paper proposes an efficient signature scheme whose security reduction in the above setting is tight and when 80 bits of security are required the authors' signatures are of size roughly 2700 bits.