nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Bidirectional Asynchronous Ratcheted Key Agreement with Linear Complexity

verfasst von : F. Betül Durak, Serge Vaudenay

Erschienen in: Advances in Information and Computer Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Following up mass surveillance and privacy issues, modern secure communication protocols now seek more security such as forward secrecy and post-compromise security. They cannot rely on an assumption such as synchronization, predictable sender/receiver roles, or online availability. Ratcheting was introduced to address forward secrecy and post-compromise security in real-world messaging protocols. At CSF 2016 and CRYPTO 2017, ratcheting was studied either without zero round-trip time (0-RTT) or without bidirectional communication. At CRYPTO 2018, ratcheting with bidirectional communication was done using heavy key-update primitives. At EUROCRYPT 2019, another protocol was proposed. All those protocols use random oracles. Furthermore, exchanging

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq1_HTML.gif

messages has complexity

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq2_HTML.gif

in general.

In this work, we define the bidirectional asynchronous ratcheted key agreement (

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq3_HTML.gif

) with formal security notions. We provide a simple security model and design a secure

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq4_HTML.gif

scheme using no key-update primitives, no random oracle, an with

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq5_HTML.gif

complexity. It is based on a public-key cryptosystem, a signature scheme, one-time symmetric encryption, and a collision-resistant hash function family. We further show that

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq6_HTML.gif

(even unidirectional) implies public-key cryptography, meaning that it cannot solely rely on symmetric cryptography.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel VSS Made Simpler

Nächstes Kapitel A New Approach to Constructing Digital Signature Schemes

For JS, this is only visible in the corrected version of the paper on eprint [10]. Our complexity analysis is based on how those protocols have been implemented (https://github.com/qantik/ratcheted). It was presented at the WSM 2019 workshop.

Those terms are more formally explained on p. 12.

By saying that

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq150_HTML.gif

is prefix of

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq151_HTML.gif

, we mean that when

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq152_HTML.gif

is the number of keys generated by

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq153_HTML.gif

running

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq154_HTML.gif

, then these keys are the first

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq155_HTML.gif

keys generated by

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq156_HTML.gif

running

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-26834-3_20/487833_1_En_20_IEq157_HTML.gif

Origin of dotted arrows indicate when a time originates from.

Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 129–158. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_5. Full version: https://eprint.iacr.org/2018/1037.pdfCrossRef

Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 619–650. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_21CrossRef

Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES 2004, pp. 77–84. ACM, New York (2004)

Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28CrossRef

Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 451–466, April 2017

Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 164–178, June 2016

Derler, D., Jager, T., Slamanig, D., Striecks, C.: Bloom filter encryption and applications to efficient forward-secret 0-RTT key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 425–455. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_14CrossRef

Betül Durak, F., Vaudenay, S.: Bidirectional asynchronous ratcheted key agreement with linear complexity. https://eprint.iacr.org/2018/889.pdf

Günther, F., Hale, B., Jager, T., Lauer, S.: 0-RTT key exchange with full forward secrecy. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 519–548. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_18CrossRef

10.

Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_2. Full version: https://eprint.iacr.org/2018/553.pdfCrossRef

11.

Jost, D., Maurer, U., Mularczyk, M.: Efficient ratcheting: almost-optimal guarantees for secure messaging. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 159–188. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_6. Full version: https://eprint.iacr.org/2018/954.pdfCrossRef

12.

LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_1CrossRefMATH

13.

Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop (2003)

14.

Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing (Ubicomp), Workshop Privacy: Current Status and Future Directions (2004)

15.

Poettering, B., Rösler, P.: Towards bidirectional ratcheted key exchange. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 3–32. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_1. Full version: https://eprint.iacr.org/2018/296.pdfCrossRef

16.

Open Whisper Systems. Signal protocol library for Java/Android. GitHub repository (2017). https://github.com/WhisperSystems/libsignal-protocol-java

17.

Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249, May 2015

18.

WhatsApp. Whatsapp encryption overview. Technical white paper (2016). https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf

Titel: Bidirectional Asynchronous Ratcheted Key Agreement with Linear Complexity
verfasst von: F. Betül Durak
Serge Vaudenay
Verlag: Springer International Publishing
Buch: Advances in Information and Computer Security
Print ISBN: 978-3-030-26833-6

Electronic ISBN: 978-3-030-26834-3

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-26834-3_20

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner