Towards Bidirectional Ratcheted Key Exchange. / Poettering, Bertram; Rösler, Paul.

2018. 3-32 Paper presented at 38th International Cryptology Conference, CRYPTO 2018, Santa Barbara , United States.

Research output: Contribution to conferencePaper

E-pub ahead of print

Documents

  • Main

    Accepted author manuscript, 535 KB, PDF-document

Abstract

Ratcheted key exchange (RKE) is a cryptographic technique used in instant messaging systems like Signal and the WhatsApp messenger for attaining strong security in the face of state exposure attacks. RKE received academic attention in the recent works of Cohn-Gordon et al. (EuroS&P 2017) and Bellare et al. (CRYPTO 2017). While the former is analytical in the sense that it aims primarily at assessing the security that one particular protocol does achieve (which might be weaker than the notion that it should achieve), the authors of the latter develop and instantiate a notion of security from scratch, independently of existing implementations. Unfortunately, however, their model is quite restricted, e.g. for considering only unidirectional communication and the exposure of only one of the two parties. In this article we resolve the limitations of prior work by developing alternative security definitions, for unidirectional RKE as well as for RKE where both parties contribute. We follow a purist approach, aiming at finding strong yet convincing notions that cover a realistic communication model with fully concurrent operation of both participants. We further propose secure instantiations (as the protocols analyzed or proposed by Cohn-Gordon et al. and Bellare et al. turn out to be weak in our models). While our scheme for the unidirectional case builds on a generic KEM as the main building block (differently to prior work that requires explicitly Diffie–Hellman), our schemes for bidirectional RKE require a stronger, HIBE-like component.
Original languageEnglish
Pages3-32
Number of pages30
DOIs
StateE-pub ahead of print - 25 Jul 2018
Event38th International Cryptology Conference, CRYPTO 2018 - University of California , Santa Barbara , United States
Duration: 19 Aug 201823 Aug 2018
https://crypto.iacr.org/2018/

Conference

Conference38th International Cryptology Conference, CRYPTO 2018
CountryUnited States
CitySanta Barbara
Period19/08/1823/08/18
Internet address
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 30280577