Multi-User CDH Problems and the Concrete Security of NAXOS and HMQV.
IACR Cryptol. ePrint Arch. (2023)
Abstract
We introduce $\textsf{CorrGapCDH}$, the Gap Computational Diffie-Hellman problem in the multi-user setting with Corruptions. In the random oracle model, our assumption tightly implies the security of the authenticated key exchange protocols $\textsf{NAXOS}$ in the eCK model and (a simplified version of) $\textsf{X3DH}$ without ephemeral key reveal. We prove hardness of $\textsf{CorrGapCDH}$ in the generic group model, with optimal bounds matching those of the discrete logarithm problem. We also introduce $\textsf{CorrCRGapCDH}$, a stronger Challenge-Response variant of our assumption. Unlike standard $\textsf{GapCDH}$, $\textsf{CorrCRGapCDH}$ implies the security of the popular AKE protocol $\textsf{HMQV}$ in the eCK model, tightly and without rewinding. Again, we prove hardness of $\textsf{CorrCRGapCDH}$ in the generic group model, with (almost) optimal bounds. Our new results allow implementations of $\textsf{NAXOS}$, $\textsf{X3DH}$, and $\textsf{HMQV}$ without having to adapt the group sizes to account for the tightness loss of previous reductions. As a side result of independent interest, we also obtain modular and simple security proofs from standard $\textsf{GapCDH}$ with tightness loss, improving previously known bounds.
Keywords
naxos, security, multi-user