Determining the Core Primitive for Optimally Secure Ratcheting

Balli F, Rösler P, Vaudenay S (2020)


Publication Type: Conference contribution

Publication year: 2020

Publisher: Springer Science and Business Media Deutschland GmbH

Book Volume: 12493 LNCS

Pages Range: 621-650

Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Event location: Daejeon KR

ISBN: 9783030648398

DOI: 10.1007/978-3-030-64840-4_21

Abstract

After ratcheting attracted attention mostly due to practical real-world protocols, a recent line of work has studied ratcheting as a primitive from a theoretical point of view. Literature in this line, pursuing the strongest security of ratcheting one can hope for, built its constructions on strong, yet inefficient, key-updatable primitives based on hierarchical identity-based encryption (HIBE). As none of these works formally justified the use of these building blocks, we answer the still open question of under which conditions their use is actually necessary. We revisit these strong notions of ratcheted key exchange (RKE) and propose a more realistic (slightly stronger) security definition. In this security definition, both exposure of participants' local secrets and attacks against the randomness used in executions are considered. While these two attacks were partially considered in previous work, we are the first to unify them cleanly in a natural game-based notion. Our definitions are based on the systematic RKE notion by Poettering and Rösler (CRYPTO 2018). Due to slight (but meaningful) changes that account for attacks against randomness, we are ultimately able to show that, in order to fulfill strong security for RKE, public key cryptography with (independently) updatable key pairs is a necessary building block. Surprisingly, this implication already holds for the simplest RKE variant. Hence, (1) we model optimally secure RKE under randomness manipulation to cover realistic attacks, (2) we (provably) extract the core primitive that is necessary to realize strongly secure RKE, and (3) our results indicate which relaxations in security allow for constructions that rely only on standard public key cryptography.

How to cite

APA:

Balli, F., Rösler, P., & Vaudenay, S. (2020). Determining the Core Primitive for Optimally Secure Ratcheting. In Shiho Moriai, Huaxiong Wang (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 621-650). Daejeon, KR: Springer Science and Business Media Deutschland GmbH.

MLA:

Balli, Fatih, Paul Rösler, and Serge Vaudenay. "Determining the Core Primitive for Optimally Secure Ratcheting." Proceedings of the 26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020, Daejeon Ed. Shiho Moriai, Huaxiong Wang, Springer Science and Business Media Deutschland GmbH, 2020. 621-650.
