Strongly Leakage-Resilient Authenticated Key Exchange

讲座内容：Authenticated Key Exchange (AKE) protocols have been widely deployed in many real-world applications for securing communication channels. In this talk, we revisit the security modelling of leakage-resilient AKE protocols, and show that the existing models either impose some unnatural restrictions or do not sufficiently capture leakage attacks in reality. I will introduce a new strong yet meaningful security model, named challenge-dependent leakage-resilient eCK (CLR-eCK) model, to capture challenge-dependent leakage attacks on both long-term secret key and ephemeral secret key (i.e., randomness). I will present a general framework for constructing one-round CLR-eCK-secure AKE protocols based on smooth projective hash functions and a practical instantiation of the general framework based on the Decisional Diffie-Hellman assumption without random oracle. The result shows that the instantiation is efficient in terms of the communication and computation overhead and captures more general leakage attacks.