IACR News item: 12 January 2015
Florian Bergsma, Tibor Jager, Jörg Schwenk
ePrint Report
We give a generic construction of ORKE protocols from general assumptions, with security in the standard model, and in a strong security model where the attacker is even allowed to learn the randomness or the long-term secret of either party in the target session. The only restriction is that the attacker must not learn both the randomness and the long-term secret of one party of the target session, since this would allow him to recompute all internal states of this party, including the session key.
This is the first such construction that does not rely on random oracles.
The construction is intuitive, relatively simple, and efficient. It uses only standard primitives, namely non-interactive key exchange, a digital signature scheme, and a pseudorandom function, with standard security properties, as building blocks.