One-Round Authenticated Group Key Exchange from Isogenies

Fujioka, Atsushi; Takashima, Katsuyuki; Yoneyama, Kihei

doi:10.1007/978-3-030-31919-9_20

Cited by 16 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, these constructions assume that a setup algorithm establishing a double-tree graph configuration is freshly run after each execution so that each participant is aware of his position in the underlying tree structure (which he should know to prepare and receive messages from ancestors and descendants). Closer to the scenario we consider here, Fujioka et al [3] presented two one-round authenticated protocols, n-UM and BC n-DH. The first of these is proven secure in the so-called Quantum Random Oracle Model (QROM) (where adversaries may query the involved hash functions with a superposition of states), while the second only considers adversaries that classically interact with the involved Random Oracles.…”

Section: Related Work Post-quantum Group Key Exchangementioning

confidence: 99%

“…Closer to the scenario we consider here, Fujioka et al. [3] presented two one‐round authenticated protocols, n‐UM and BC n‐DH. The first of these is proven secure in the so‐called Quantum Random Oracle Model (QROM) (where adversaries may query the involved hash functions with a superposition of states), while the second only considers adversaries that classically interact with the involved Random Oracles.…”

Section: Introductionmentioning

confidence: 99%

“…After establishing this key, the parties can exchange private messages using symmetric cryptographic tools. In this direction, different post-quantum GAKE protocols have been proposed within two main fields of post-quantum cryptography: lattices and isogenies [2,3].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Secure post‐quantum group key exchange: Implementing a solution based on Kyber

Pablos¹,

Vasco²

2023

IET Communications

View full text Add to dashboard Cite

Quantum computing poses fascinating challenges for current cryptography, threatening the security of many schemes and protocols widely used today. To adapt to this reality, the U.S. National Institute for Standards and Technology (NIST) is currently running a standardization process in search of post-quantum (classical, yet resistant to quantum attacks) cryptographic tools, focusing on signature schemes and key encapsulation mechanisms. Many of the competing proposals also include designs for two-party key exchange, which can be combined in different ways to fit scenarios involving n ≥ 2 parties, that is, yielding group key exchange protocols. However, very few implementations of such group protocols are available to practitioners, which face a non-trivial challenge when deciding how to implement a protocol for establishing secure group sessions in this new post-quantum scenario. With this in mind, the authors report on the implementation of a secure postquantum group key exchange protocol in the so-called Quantum Random Oracle Model. The protocol decided to implement is based on a KEM called Kyber, which is one of the finalists of the NIST competition. Not only this group construction is the only one available in the literature using a NIST finalist, but also, among all post-quantum designs the authors are aware of, it uses this strongest security model (as, e.g. in other proposals, the adversarial interaction with the hash functions of the system is assumed to be exclusively classical). Furthermore, experimental evidence is provided supporting this choice in terms of performance, even if the number of involved entities is large (up to 2000). All data and code are publicly available.

show abstract

Section: Related Work Post-quantum Group Key Exchangementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure post‐quantum group key exchange: Implementing a solution based on Kyber

Pablos¹,

Vasco²

2023

IET Communications

View full text Add to dashboard Cite

show abstract

“…There have been several recent proposals of group key exchange protocols that provide some kind of resistance against quantum attacks (see Table 1 for a comparison between the main GAKE protocols). The protocol presented in [1] by Fujioka et al is based on the problem of finding isogeny mappings between two supersingular elliptic curves with the same number of points. In the same line, Hougaard and Miyaji presented in [2] several designs based on isogenies.…”

Section: A Related Workmentioning

confidence: 99%

Design and Implementation of a Post-Quantum Group Authenticated Key Exchange Protocol With the LibOQS Library: A Comparative Performance Analysis From Classic McEliece, Kyber, NTRU, and Saber

2022

View full text Add to dashboard Cite

Group authenticated key exchange protocols (GAKE) are cryptographic tools enabling a group of several users communicating through an insecure channel to securely establish a common shared highentropy key. In the last years, the need to design cryptographic tools which provide security in the presence of attackers with access to quantum resources has become unquestionable; the field dealing with these types of protocols is usually referred to as Post-Quantum Cryptography. The U.S. National Institute for Standards and Technology (NIST) launched in 2017 an open call to find suitable post-quantum public-key algorithms for standardization. In this work, we design a GAKE that can be instantiated with any key encapsulation mechanism (KEM) that satisfies the strong security notion IND-CCA, matching NIST's requirements for this primitive. We have implemented our GAKE with the four finalist KEMs from the NIST process: Classic McEliece, Kyber, NTRU, and Saber, making use of the open-source library LibOQS where these algorithms are provided. We have conducted a detailed comparative performance analysis of the resulting GAKE protocols, taking into account all the parameter sets proposed in the submissions. We have also made a performance analysis of all the involved building pieces, including the four finalist KEMs. Finally, we also compare our GAKE with a previous proposal implemented with Kyber.

show abstract

“…Related work. Since De Feo and Jao's work [27,17], others have explored different directions of supersingular isogenies [15,3,23,24,19,20,12,35,2,21,30]. However, to the best of our knowledge, our work is the first to present a framework for "exponentiation-based" protocols which unifies supersingular isogenies with previous constructions and also provides a separation between protocol design and analysis of computational assumptions.…”

Section: Introductionmentioning

confidence: 99%

Semi-commutative Masking: A Framework for Isogeny-Based Protocols, with an Application to Fully Secure Two-Round Isogeny-Based OT

Guilhem

Orsini

Petit

et al. 2020

Cryptology and Network Security

View full text Add to dashboard Cite

We define semi-commutative invertible masking structures which aim to capture the methodology of exponentiation-only protocol design (such as discrete logarithm and isogeny-based cryptography). We give an instantiation based on the semi-commutative action of isogenies of supersingular elliptic curves, in the style of the SIDH key-exchange protocol. We then construct an oblivious transfer protocol using this new structure and prove that it UC-securely realises the oblivious transfer functionality in the random-oracle-hybrid model against passive adversaries with static corruptions. Moreover, we show that it satisfies the security properties required by the compiler of Döttling et al. (Eurocrypt 2020), achieving the first fully UC-secure two-round OT protocol based on supersingular isogenies.

show abstract

One-Round Authenticated Group Key Exchange from Isogenies

Cited by 16 publications

References 9 publications

Secure post‐quantum group key exchange: Implementing a solution based on Kyber

Secure post‐quantum group key exchange: Implementing a solution based on Kyber

Design and Implementation of a Post-Quantum Group Authenticated Key Exchange Protocol With the LibOQS Library: A Comparative Performance Analysis From Classic McEliece, Kyber, NTRU, and Saber

Semi-commutative Masking: A Framework for Isogeny-Based Protocols, with an Application to Fully Secure Two-Round Isogeny-Based OT

Contact Info

Product

Resources

About