Strongly secure authenticated key exchange from supersingular isogenies

This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a...

Bibliographic Details
Main Authors: XU, Xiu, XUE, Haiyang, WANG, Kunpeng, AU, Ho Man, TIAN, Song
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/9203
https://ink.library.smu.edu.sg/context/sis_research/article/10208/viewcontent/strongly_secure.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-10208
record_format dspace
spelling sg-smu-ink.sis_research-10208 2024-08-13T05:08:19Z
2019-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9203 info:doi/10.1007/978-3-030-34578-5_11 https://ink.library.smu.edu.sg/context/sis_research/article/10208/viewcontent/strongly_secure.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Information Security
description This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a double-key PKE in the supersingular isogeny setting secure in the sense of CK+, one of the strongest security models for AKE. Our contributions are summarised as follows. Firstly, we propose a strong OW-CPA secure PKE, 2PKEsidh, based on the SI-DDH assumption. By applying a modified Fujisaki-Okamoto transformation, we obtain a [OW-CCA, OW-CPA] secure KEM, 2KEMsidh. Secondly, we propose a two-pass AKE, SIAKE2, based on the SI-DDH assumption, using 2KEMsidh as a building block. Thirdly, we present a modified version of 2KEMsidh that is secure against leakage under the 1-Oracle SI-DH assumption. Using the modified 2KEMsidh as a building block, we then propose a three-pass AKE, SIAKE3, based on the 1-Oracle SI-DH assumption. Finally, we prove that both SIAKE2 and SIAKE3 are CK+ secure in the random oracle model and support arbitrary registration. We also provide an implementation to illustrate the efficiency of our schemes. Our schemes compare favourably against existing isogeny-based AKEs. To the best of our knowledge, they are the first of their kind to offer security against arbitrary registration, wPFS, KCI, and MEX simultaneously. Regarding efficiency, our schemes outperform existing schemes in terms of bandwidth as well as CPU cycle count.
format text
author XU, Xiu
XUE, Haiyang
WANG, Kunpeng
AU, Ho Man
TIAN, Song
title Strongly secure authenticated key exchange from supersingular isogenies
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/9203
https://ink.library.smu.edu.sg/context/sis_research/article/10208/viewcontent/strongly_secure.pdf
_version_ 1814047790159888384