Constant-Round Group Key Exchange from the Ring-LWE Assumption

Apon, Daniel; Dachman-Soled, Dana; Gong, Huijing; Katz, Jonathan

doi:10.1007/978-3-030-25510-7_11

Cited by 19 publications

(40 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, no security proof was provided for the group version of their protocol. Recently, in Apon et al (2019), a constant-round protocol for group key exchange is proposed and proven secure in a passive scenario. Using a post-quantum signature scheme this construction can be made secure in the presence of active adversaries, by means of a well known compiler from Katz and Yung (see Katz and Yung, 2007).…”

Section: Related Work Two-party Constructionsmentioning

confidence: 99%

See 1 more Smart Citation

Group Key Establishment in a Quantum-Future Scenario

Vasco¹,

Pozo²,

Steinwandt³

2020

Informatica

View full text Add to dashboard Cite

In cryptography, key establishment protocols are often the starting point paving the way towards secure execution of different tasks. Namely, the parties seeking to achieve some cryptographic task, often start by establishing a common high-entropy secret that will eventually be used to secure their communication. In this paper, we put forward a security model for group key establishment (GAKE) with an adversary that may execute efficient quantum algorithms, yet only once the execution of the protocol has concluded. This captures a situation in which keys are to be established in the present, while security guarantees must still be provided in the future when quantum resources may be accessible to a potential adversary. Further, we propose a protocol design that can be proven secure in this model. Our proposal uses password authentication and builds upon efficient and reasonably well understood primitives: a message authentication code and a post-quantum key encapsulation mechanism. The hybrid structure dodges potential efficiency downsides, like large signatures, of some "true" post-quantum authentication techniques, making our protocol a potentially interesting fit for current applications with long-term security needs.

show abstract

Section: Related Work Two-party Constructionsmentioning

confidence: 99%

“…Table 1 Performance of our protocol compared to recent post-quantum solutions. Here, ADGK refers to the protocol in Apon et al (2019) and ADGK † is an authenticated version of ADGK, obtained by applying the Katz-Yung compiler. PSS refers to the solution in Persichetti et al (2019).…”

Section: Protocol Specificationmentioning

confidence: 99%

Group Key Establishment in a Quantum-Future Scenario

Vasco¹,

Pozo²,

Steinwandt³

2020

Informatica

View full text Add to dashboard Cite

show abstract

“…This results commonly in protocols with a substantial number of signatures being computed, transmitted, and verified: In the Katz-Yung compiler [ 1 ], for each message sent in the original protocol, a signature has to be computed and transmitted (and verified). For instance, Apon et al [ 2 ] propose the application of this compiler for their unauthenticated group key establishment solution. The compiler made by Bresson et al, [ 3 ] requires a signature for each message in the original protocol, plus one more for each protocol participant (and according signature verifications).…”

Section: Introductionmentioning

confidence: 99%

“…In the Katz-Yung compiler [ 1 ], for each message sent in the original protocol, a signature has to be computed and transmitted (and verified). For instance, Apon et al [ 2 ] propose the application of this compiler for their unauthenticated group key establishment solution.…”

Section: Introductionmentioning

confidence: 99%

“…In this paper, we show how to derive a three-round AGKE using KEMs, where no participant signs more than one message. This is one round less than applying the Katz–Yung compiler to Apon et al’s unauthenticated three-round protocol [ 2 ], and differing from the Katz–Yung-based construction, our approach requires only one signature per protocol participant. The signature scheme we use is assumed to be EUF-CMA secure, and the KEM we involve is assumed to be IND-CCA secure.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

From Key Encapsulation to Authenticated Group Key Establishment—A Compiler for Post-Quantum Primitives †

Persichetti

Steinwandt

Corona

2019

Entropy

View full text Add to dashboard Cite

Assuming the availability of an existentially unforgeable signature scheme and an (IND- CCA secure) key encapsulation mechanism, we present a generic construction for group key establishment. The construction is designed with existing proposals for post-quantum cryptography in mind. Applied with such existing proposals and assuming their security, we obtain a quantum-safe three-round protocol for authenticated group key establishment that requires only one signature per protocol participant.

show abstract

Key Exchange

Boyd

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Constant-Round Group Key Exchange from the Ring-LWE Assumption

Cited by 19 publications

References 25 publications

Group Key Establishment in a Quantum-Future Scenario

Group Key Establishment in a Quantum-Future Scenario

From Key Encapsulation to Authenticated Group Key Establishment—A Compiler for Post-Quantum Primitives †

Key Exchange

Contact Info

Product

Resources

About