International Association for Cryptologic Research

International Association
for Cryptologic Research


Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Shuai Han , Shanghai Jiao Tong University
Tibor Jager , Bergische Universität Wuppertal
Eike Kiltz , Ruhr-Universität Bochum
Shengli Liu , Shanghai Jiao Tong University
Jiaxin Pan , NTNU, Norway
Doreen Riepel , Ruhr-Universität Bochum
Sven Schäge , Ruhr-Universität Bochum
DOI: 10.1007/978-3-030-84259-8_23 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2021
Abstract: We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only “Multi-Bit-Guess” security, which is not known to compose tightly, for instance, to build a secure channel. Our constructions are generic, based on digital signatures and key encapsulation mechanisms (KEMs). The main technical challenges we resolve is to determine suitable KEM security notions which on the one hand are strong enough to yield tight security, but at the same time weak enough to be efficiently instantiable in the standard model, based on standard techniques such as universal hash proof systems. Digital signature schemes with tight multi-user security in presence of adaptive corruptions are a central building block, which is used in all known constructions of tightly-secure AKE with full forward security. We identify a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015). We develop a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.
Video from CRYPTO 2021
  title={Authenticated Key Exchange and Signatures with Tight Security in the Standard Model},
  author={Shuai Han and Tibor Jager and Eike Kiltz and Shengli Liu and Jiaxin Pan and Doreen Riepel and Sven Schäge},