Authenticated key exchange from ideal lattices. (English) Zbl 1375.94164

Oswald, Elisabeth (ed.) et al., Advances in cryptology – EUROCRYPT 2015. 34th annual international conference on the theory and applications of cryptographic techniques, Sofia, Bulgaria, April 26–30, 2015. Proceedings. Part II. Berlin: Springer (ISBN 978-3-662-46802-9/pbk; 978-3-662-46803-6/ebook). Lecture Notes in Computer Science 9057, 719–751 (2015).
Summary: In this paper, we present a practical and provably secure two-pass authenticated key exchange protocol over ideal lattices, which is conceptually simple and has similarities to the Diffie-Hellman based protocols such as HMQV [H. Krawczyk, Crypto 2005, Lect. Notes Comput. Sci. 3621, 546–566 (2005; Zbl 1145.94445)] and OAKE [A. C. C. Yao and Y. Zhao, OAKE: A new family of implicitly authenticated Diffie-Hellman protocols. In: Proceedings of the 2013 ACM SIGSAC conference, CCS 2013, p. 1113–1128 (2013; doi:10.1145/2508859.2516695)]. Our method does not involve other cryptographic primitives – in particular, it does not use signatures – which simplifies the protocol and enables us to base the security directly on the hardness of the ring learning with errors problem. The security is proven in the Bellare-Rogaway model with weak perfect forward secrecy in the random oracle model. We also give a one-pass variant of our two-pass protocol, which might be appealing in specific applications. Several concrete choices of parameters are provided, and a proof-of-concept implementation shows that our protocols are indeed practical.
For the entire collection see [Zbl 1321.94011].


94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing


Zbl 1145.94445