International Association for Cryptologic Research

CryptoDB

Tightly-Secure Group Key Exchange with Perfect Forward Secrecy

Authors:
Emanuele Di Giandomenico, Eindhoven University of Technology
Sven Schäge, Eindhoven University of Technology
Doreen Riepel, UC San Diego
Conference: ASIACRYPT 2024
Abstract: In this work, we present a new paradigm for constructing Group Authenticated Key Exchange (GAKE). This result is the first tightly secure GAKE scheme in a strong security model that allows maximum exposure attacks (MEX) where the attacker is allowed to either reveal the secret session state or the long-term secret of all communication partners. Moreover, our protocol features the strong and realistic notion of (full) perfect forward secrecy (PFS), which allows the attacker to actively modify messages before corrupting parties. We obtain our results via a series of tightly secure transformations. Our first transformation is from weakly secure KEMs to unilateral authenticated key exchange (UAKE) with weak forward secrecy (WFS). Next, we show how to turn this into a UAKE with PFS in the random oracle model. Finally, and as one of our major novel conceptual contributions, we describe how to build GAKE protocols from UAKE protocols, also in the random oracle model. We apply our transformations to obtain two practical GAKE protocols with tight security. The first is based on the DDH assumption and features low message complexity. Our second result is based on the LWE assumption. In this way, we obtain the first GAKE protocol from a post-quantum assumption that is tightly secure in a strong model of security allowing MEX attacks.
BibTeX
@inproceedings{asiacrypt-2024-34682,
  title={Tightly-Secure Group Key Exchange with Perfect Forward Secrecy},
  publisher={Springer-Verlag},
  author={Emanuele Di Giandomenico and Sven Schäge and Doreen Riepel},
  year=2024
}