International Association for Cryptologic Research

CryptoDB

Universally Composable Subversion-Resilient Authenticated Key Exchange

Authors:
Jiahao Liu , National University of Defense Technology
Yi Wang , National University of Defense Technology
Rongmao Chen , National University of Defense Technology
Xinyi Huang , Jinan University
Jinshu Su , Academy of Military Science
Moti Yung , Google LLC and Columbia University
Conference: ASIACRYPT 2025
Abstract: Subversion-resilient cryptography has garnered increasing attention in recent years due to growing concerns about cryptographic subversions in real-world applications. Among the existing countermeasures, the notion of cryptographic reverse firewalls (RFs), initially proposed by Mironov and Stephens-Davidowitz (EUROCRYPT 2015) and later extended by Chakraborty et al. (EUROCRYPT 2022) to the universally composable (UC) model, has proven to be a powerful tool for building subversion-resilient cryptographic protocols. In this work, we focus on designing subversion-resilient authenticated key exchange (AKE) protocols, which are critical components of secure Internet communication. We present the first generic framework for subversion-resilient UC-secure AKE protocols leveraging RFs. Inspired by the state-of-the-art advancements by Chakraborty et al. (ASIACRYPT 2024), we address subversions where a party’s implementation is covertly altered to exfiltrate secrets or behave unpredictably when triggered by adversarial inputs. A key contribution of our work is the introduction of a new AKE functionality which, for the first time, incorporates security against key control, an essential aspect of achieving subversion resilience. We also provide a concrete instantiation of our framework, demonstrating its feasibility in practice. Notably, the RFs in our proposed AKE protocol are transparent, an important property of RF as defined originally, which allows deployment of RF without all parties explicitly knowing about it and allows robust security. Achieving transparency for RFs has been widely regarded as challenging, particularly when addressing broader subversion attacks (e.g., input-trigger attacks) in the UC model. Our approach, thus, not only advances the state of AKE protocol design, but also offers insights into building other subversion-resilient protocols in the UC model using transparent RFs.
BibTeX
@inproceedings{asiacrypt-2025-36091,
  title={Universally Composable Subversion-Resilient Authenticated Key Exchange},
  publisher={Springer-Verlag},
  author={Jiahao Liu and Yi Wang and Rongmao Chen and Xinyi Huang and Jinshu Su and Moti Yung},
  year=2025
}