Strongly secure authenticated key exchange from supersingular isogenies

Xiu Xu; Haiyang Xue; Kunpeng Wang; Man Ho Au; Song Tian

doi:10.1007/978-3-030-34578-5_11

Strongly secure authenticated key exchange from supersingular isogenies

Xiu Xu, Haiyang Xue, Kunpeng Wang, Man Ho Au, Song Tian

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

11 Citations (Scopus)

Abstract

This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a double-key PKE in the supersingular isogeny setting secure in the sense of CK⁺, one of the strongest security models for AKE. Our contributions are summarised as follows. Firstly, we propose a strong OW-CPA secure PKE, 2PKE_sidh, based on SI-DDH assumption. By applying modified Fujisaki-Okamoto transformation, we obtain a [OW-CCA, OW-CPA] secure KEM, 2KEM_sidh. Secondly, we propose a two-pass AKE, SIAKE₂, based on SI-DDH assumption, using 2KEM_sidh as a building block. Thirdly, we present a modified version of 2KEM_sidh that is secure against leakage under the 1-Oracle SI-DH assumption. Using the modified 2KEM_sidh as a building block, we then propose a three-pass AKE, SIAKE₃, based on 1-Oracle SI-DH assumption. Finally, we prove that both SIAKE₂ and SIAKE₃ are CK⁺ secure in the random oracle model and supports arbitrary registration. We also provide an implementation to illustrate the efficiency of our schemes. Our schemes compare favourably against existing isogeny-based AKEs. To the best of our knowledge, they are the first of its kind to offer security against arbitrary registration, wPFS, KCI, and MEX simultaneously. Regarding efficiency, our schemes outperform existing schemes in terms of bandwidth as well as CPU cycle count.

Original language	English
Title of host publication	Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings
Editors	Steven D. Galbraith, Shiho Moriai
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	278-308
Number of pages	31
ISBN (Print)	9783030345778
DOIs	https://doi.org/10.1007/978-3-030-34578-5_11
Publication status	Published - 2019
Event	25th International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2019 - Kobe, Japan Duration: 8 Dec 2019 → 12 Dec 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11921 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	25th International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2019
Country/Territory	Japan
City	Kobe
Period	8/12/19 → 12/12/19

Keywords

Authenticated key exchange
Key encapsulation mechanism
Post quantum
Supersingular elliptic curve isogeny

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

More information

10.1007/978-3-030-34578-5_11

Cite this

Xu, X., Xue, H., Wang, K., Au, M. H., & Tian, S. (2019). Strongly secure authenticated key exchange from supersingular isogenies. In S. D. Galbraith, & S. Moriai (Eds.), Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings (pp. 278-308). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11921 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-34578-5_11

Xu, Xiu ; Xue, Haiyang ; Wang, Kunpeng et al. / Strongly secure authenticated key exchange from supersingular isogenies. Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings. editor / Steven D. Galbraith ; Shiho Moriai. Springer Science and Business Media Deutschland GmbH, 2019. pp. 278-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{95a8414aa1b94c1db6f9a8c99b68b98a,

title = "Strongly secure authenticated key exchange from supersingular isogenies",

abstract = "This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a double-key PKE in the supersingular isogeny setting secure in the sense of CK+, one of the strongest security models for AKE. Our contributions are summarised as follows. Firstly, we propose a strong OW-CPA secure PKE, 2PKEsidh, based on SI-DDH assumption. By applying modified Fujisaki-Okamoto transformation, we obtain a [OW-CCA, OW-CPA] secure KEM, 2KEMsidh. Secondly, we propose a two-pass AKE, SIAKE2, based on SI-DDH assumption, using 2KEMsidh as a building block. Thirdly, we present a modified version of 2KEMsidh that is secure against leakage under the 1-Oracle SI-DH assumption. Using the modified 2KEMsidh as a building block, we then propose a three-pass AKE, SIAKE3, based on 1-Oracle SI-DH assumption. Finally, we prove that both SIAKE2 and SIAKE3 are CK+ secure in the random oracle model and supports arbitrary registration. We also provide an implementation to illustrate the efficiency of our schemes. Our schemes compare favourably against existing isogeny-based AKEs. To the best of our knowledge, they are the first of its kind to offer security against arbitrary registration, wPFS, KCI, and MEX simultaneously. Regarding efficiency, our schemes outperform existing schemes in terms of bandwidth as well as CPU cycle count.",

keywords = "Authenticated key exchange, Key encapsulation mechanism, Post quantum, Supersingular elliptic curve isogeny",

author = "Xiu Xu and Haiyang Xue and Kunpeng Wang and Au, {Man Ho} and Song Tian",

note = "Funding Information: Haiyang Xue is supported by the National Natural Science Foundation of China (No. 61602473, No. 61672019), and the National Cryptography Development FundMMJJ20170116. Xiu Xu is supported by the National Natural Science Foundation of China (No.61872442). Man Ho Au is supported by the Research Grant Council of Hong Kong (Grant No. 25206317).Song Tian is supported by the National Natural Science Foundation of China (No. 61802401). Funding Information: Acknowledgements. Haiyang Xue is supported by the National Natural Science Foundation of China (No. 61602473, No. 61672019), and the National Cryptography Development Fund MMJJ20170116. Xiu Xu is supported by the National Natural Science Foundation of China (No.61872442). Man Ho Au is supported by the Research Grant Council of Hong Kong (Grant No. 25206317). Song Tian is supported by the National Natural Science Foundation of China (No. 61802401). Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2019.; 25th International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2019 ; Conference date: 08-12-2019 Through 12-12-2019",

year = "2019",

doi = "10.1007/978-3-030-34578-5_11",

language = "English",

isbn = "9783030345778",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "278--308",

editor = "Galbraith, {Steven D.} and Shiho Moriai",

booktitle = "Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings",

address = "Germany",

}

Xu, X, Xue, H, Wang, K, Au, MH & Tian, S 2019, Strongly secure authenticated key exchange from supersingular isogenies. in SD Galbraith & S Moriai (eds), Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11921 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 278-308, 25th International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2019, Kobe, Japan, 8/12/19. https://doi.org/10.1007/978-3-030-34578-5_11

Strongly secure authenticated key exchange from supersingular isogenies. / Xu, Xiu; Xue, Haiyang; Wang, Kunpeng et al.
Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings. ed. / Steven D. Galbraith; Shiho Moriai. Springer Science and Business Media Deutschland GmbH, 2019. p. 278-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11921 LNCS).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Strongly secure authenticated key exchange from supersingular isogenies

AU - Xu, Xiu

AU - Xue, Haiyang

AU - Wang, Kunpeng

AU - Au, Man Ho

AU - Tian, Song

N1 - Funding Information: Haiyang Xue is supported by the National Natural Science Foundation of China (No. 61602473, No. 61672019), and the National Cryptography Development FundMMJJ20170116. Xiu Xu is supported by the National Natural Science Foundation of China (No.61872442). Man Ho Au is supported by the Research Grant Council of Hong Kong (Grant No. 25206317).Song Tian is supported by the National Natural Science Foundation of China (No. 61802401). Funding Information: Acknowledgements. Haiyang Xue is supported by the National Natural Science Foundation of China (No. 61602473, No. 61672019), and the National Cryptography Development Fund MMJJ20170116. Xiu Xu is supported by the National Natural Science Foundation of China (No.61872442). Man Ho Au is supported by the Research Grant Council of Hong Kong (Grant No. 25206317). Song Tian is supported by the National Natural Science Foundation of China (No. 61802401). Publisher Copyright: © International Association for Cryptologic Research 2019.

PY - 2019

Y1 - 2019

N2 - This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a double-key PKE in the supersingular isogeny setting secure in the sense of CK+, one of the strongest security models for AKE. Our contributions are summarised as follows. Firstly, we propose a strong OW-CPA secure PKE, 2PKEsidh, based on SI-DDH assumption. By applying modified Fujisaki-Okamoto transformation, we obtain a [OW-CCA, OW-CPA] secure KEM, 2KEMsidh. Secondly, we propose a two-pass AKE, SIAKE2, based on SI-DDH assumption, using 2KEMsidh as a building block. Thirdly, we present a modified version of 2KEMsidh that is secure against leakage under the 1-Oracle SI-DH assumption. Using the modified 2KEMsidh as a building block, we then propose a three-pass AKE, SIAKE3, based on 1-Oracle SI-DH assumption. Finally, we prove that both SIAKE2 and SIAKE3 are CK+ secure in the random oracle model and supports arbitrary registration. We also provide an implementation to illustrate the efficiency of our schemes. Our schemes compare favourably against existing isogeny-based AKEs. To the best of our knowledge, they are the first of its kind to offer security against arbitrary registration, wPFS, KCI, and MEX simultaneously. Regarding efficiency, our schemes outperform existing schemes in terms of bandwidth as well as CPU cycle count.

AB - This paper aims to address the open problem, namely, to find new techniques to design and prove security of supersingular isogeny-based authenticated key exchange (AKE) protocols against the widest possible adversarial attacks, raised by Galbraith in 2018. Concretely, we present two AKEs based on a double-key PKE in the supersingular isogeny setting secure in the sense of CK+, one of the strongest security models for AKE. Our contributions are summarised as follows. Firstly, we propose a strong OW-CPA secure PKE, 2PKEsidh, based on SI-DDH assumption. By applying modified Fujisaki-Okamoto transformation, we obtain a [OW-CCA, OW-CPA] secure KEM, 2KEMsidh. Secondly, we propose a two-pass AKE, SIAKE2, based on SI-DDH assumption, using 2KEMsidh as a building block. Thirdly, we present a modified version of 2KEMsidh that is secure against leakage under the 1-Oracle SI-DH assumption. Using the modified 2KEMsidh as a building block, we then propose a three-pass AKE, SIAKE3, based on 1-Oracle SI-DH assumption. Finally, we prove that both SIAKE2 and SIAKE3 are CK+ secure in the random oracle model and supports arbitrary registration. We also provide an implementation to illustrate the efficiency of our schemes. Our schemes compare favourably against existing isogeny-based AKEs. To the best of our knowledge, they are the first of its kind to offer security against arbitrary registration, wPFS, KCI, and MEX simultaneously. Regarding efficiency, our schemes outperform existing schemes in terms of bandwidth as well as CPU cycle count.

KW - Authenticated key exchange

KW - Key encapsulation mechanism

KW - Post quantum

KW - Supersingular elliptic curve isogeny

UR - http://www.scopus.com/inward/record.url?scp=85076714623&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-34578-5_11

DO - 10.1007/978-3-030-34578-5_11

M3 - Conference article published in proceeding or book

AN - SCOPUS:85076714623

SN - 9783030345778

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 278

EP - 308

BT - Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings

A2 - Galbraith, Steven D.

A2 - Moriai, Shiho

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2019

Y2 - 8 December 2019 through 12 December 2019

ER -

Xu X, Xue H, Wang K, Au MH, Tian S. Strongly secure authenticated key exchange from supersingular isogenies. In Galbraith SD, Moriai S, editors, Advances in Cryptology – ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, 2019, Proceedings. Springer Science and Business Media Deutschland GmbH. 2019. p. 278-308. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-34578-5_11

Strongly secure authenticated key exchange from supersingular isogenies

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this