Revocable Hierarchical Identity-Based Authenticated Key Exchange

  • Conference paper
  • Information Security and Cryptology – ICISC 2021 (ICISC 2021)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13218)

Abstract

Identity-based authenticated key exchange (IB-AKE) is considered advantageous in the sense that it does not require certificate management. However, IB-AKE has neither a key delegation functionality nor a key revocation functionality. This leaves two problems: the burden on the private key generator (PKG) when there are a large number of parties in the system, and the lack of a clear way to eliminate dishonest parties from the system. In this paper, we propose a new authentication mechanism called revocable hierarchical IB-AKE (RHIB-AKE), which can decentralize the key generation and revocation performed by a PKG. We also propose a generic construction of RHIB-AKE from a revocable hierarchical identity-based key encapsulation mechanism (RHIB-KEM). We obtain the first RHIB-AKE schemes from pairings or lattices by our generic construction, since RHIB-KEM is known to be constructible from them. For security, we show that our scheme resists leakage of all combinations of master, static, current, and ephemeral secret keys except those that trivially break the security.

Notes

  1. This means that all parties except those in leaf nodes can take a role as PKG. For convenience, however, we call only the party in the root node PKG in what follows.

  2. An SSK and a CSK are the names in the context of RHIB-AKE as defined in this paper; in the context of RHIBE they are actually called a secret key and a decryption key, respectively.

  3. Precisely, they use an IND-CCA secure public-key encapsulation mechanism (PK-KEM) and an IND-CPA (indistinguishability against chosen plaintext attack) secure PK-KEM as building blocks. For ease of exposition, we employ IND-CCA secure PKE here since it implies both IND-CCA secure PK-KEM and IND-CPA secure PK-KEM.

References

  1. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_1

  2. Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 417–426. Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1455770.1455823

  3. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

  4. Chen, J., Wee, H.: Dual system groups and its applications – compact HIBE and more. Cryptology ePrint Archive, Report 2014/265 (2014). https://eprint.iacr.org/2014/265

  5. Chen, L., Cheng, Z., Smart, N.P.: Identity-based key agreement protocols from pairings. Int. J. Inf. Secur. 6(4), 213–241 (2007). https://doi.org/10.1007/s10207-006-0011-9

  6. Dachman-Soled, D., Gennaro, R., Krawczyk, H., Malkin, T.: Computational extractors and pseudorandomness. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 383–403. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_22

  7. Daemen, J., Rijmen, V.: The Design of Rijndael: AES-Advanced Encryption Standard. Springer, Cham (2002). https://doi.org/10.1007/978-3-662-60769-5

  8. Emura, K., Takayasu, A., Watanabe, Y.: Adaptively secure revocable hierarchical IBE from \(k\)-linear assumption. Cryptology ePrint Archive, Report 2020/886 (2020). https://eprint.iacr.org/2020/886

  9. Emura, K., Takayasu, A., Watanabe, Y.: Generic constructions of revocable hierarchical identity-based encryption. Cryptology ePrint Archive, Report 2021/515 (2021). https://eprint.iacr.org/2021/515

  10. Fujioka, A., Hoshino, F., Kobayashi, T., Suzuki, K., Ustaoglu, B., Yoneyama, K.: ID-ECK secure ID-based authenticated key exchange on symmetric and asymmetric pairing. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E96.A(6), 1139–1155 (2013). https://doi.org/10.1587/transfun.E96.A.1139

  11. Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. Des. Codes Crypt. 76(3), 469–504 (2014). https://doi.org/10.1007/s10623-014-9972-2

  12. Fujioka, A., Suzuki, K., Yoneyama, K.: Hierarchical ID-based authenticated key exchange resilient to ephemeral key leakage. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 164–180. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16825-3_12

  13. Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 53–68. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49162-7_5

  14. Galbraith, S.D., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. J. Cryptol. 24(3), 446–469 (2011). https://doi.org/10.1007/s00145-010-9065-y

  15. Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_11

  16. Huang, H., Cao, Z.: An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, pp. 333–342. Association for Computing Machinery, New York (2009). https://doi.org/10.1145/1533057.1533101

  17. Ishibashi, R., Yoneyama, K.: Adaptive-ID secure hierarchical ID-based authenticated key exchange under standard assumptions without random oracles. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12726, pp. 3–27. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78372-3_1

  18. Ishida, Y., Watanabe, Y., Shikata, J.: Constructions of CCA-secure revocable identity-based encryption. In: Foo, E., Stebila, D. (eds.) ACISP 2015. LNCS, vol. 9144, pp. 174–191. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19962-7_11

  19. Katsumata, S., Matsuda, T., Takayasu, A.: Lattice-based revocable (hierarchical) IBE with decryption key exposure resistance. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 441–471. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_15

  20. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34

  21. Kurosawa, K., Furukawa, J.: 2-pass key exchange protocols from CPA-secure KEM. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 385–401. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04852-9_20

  22. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_1

  23. Lee, K., Kim, J.S.: A generic approach to build revocable hierarchical identity-based encryption. Cryptology ePrint Archive, Report 2021/502 (2021). https://eprint.iacr.org/2021/502

  24. Lee, K., Park, S.: Revocable hierarchical identity-based encryption with shorter private keys and update keys. Des. Codes Cryptogr. 86(10), 2407–2440 (2018). https://doi.org/10.1007/s10623-017-0453-2

  25. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_21

  26. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

  27. McCullagh, N., Barreto, P.S.L.M.: A new two-party identity-based authenticated key agreement. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 262–274. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_18

  28. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, STOC 2008, pp. 187–196. Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1374376.1374406

  29. Seo, J.H., Emura, K.: Efficient delegation of key generation and revocation functionalities in identity-based encryption. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 343–358. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_22

  30. Seo, J.H., Emura, K.: Revocable hierarchical identity-based encryption. Theor. Comput. Sci. 542, 44–62 (2014)

  31. Seo, J.H., Emura, K.: Revocable hierarchical identity-based encryption: history-free update, security against insiders, and short ciphertexts. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 106–123. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_6

  32. Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36

  33. Takayasu, A.: More efficient adaptively secure revocable hierarchical identity-based encryption with compact ciphertexts: achieving shorter keys and tighter reductions. Cryptology ePrint Archive, Report 2021/539 (2021). https://eprint.iacr.org/2021/539

  34. Tomida, J., Fujioka, A., Nagai, A., Suzuki, K.: Strongly secure identity-based key exchange with single pairing operation. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 484–503. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_23

  35. Wang, S., Zhang, J., He, J., Wang, H., Li, C.: Simplified revocable hierarchical identity-based encryption from lattices. In: Mu, Y., Deng, R.H., Huang, X. (eds.) CANS 2019. LNCS, vol. 11829, pp. 99–119. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31578-8_6

  36. Yoneyama, K.: Practical and exposure-resilient hierarchical ID-based authenticated key exchange without random oracles. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E97.A(6), 1335–1344 (2014). https://doi.org/10.1587/transfun.E97.A.1335

Corresponding author

Correspondence to Yuki Okano.

Appendices

A Proof of Theorem 1

In the rhid-eCK security experiment, we suppose that \(\mathsf {sid}^*\) is the session identifier for the test session and that at most \(\mu \) sessions are activated. Let \(\kappa \) be the security parameter, and \(\mathcal {A}\) be a PPT (in \(\kappa \)) bounded adversary. We also suppose that \(\mathcal {A}\) outputs \((T^*, ID _A, ID _B)\) at the beginning of this experiment, where \( ID _A\) (resp. \( ID _B\)) is party \(U_A\)’s (resp. \(U_B\)’s) ID. \( Suc \) denotes the event that \(\mathcal {A}\) wins.

We consider 14 events covering all cases of \(\mathcal {A}\)’s behavior: 8 events when the test session has no matching session, and 6 events when it has a matching session. The former can be divided into two main cases, depending on whether the session owner is an initiator or a responder. In each case, we consider the following exposure patterns: 1) the CSK or SSK of the owner and the SSK of the peer such that the peer has been revoked, 2) the ESK of the owner and the SSK of the peer such that the peer has been revoked, 3) the CSK or SSK of the owner, and 4) the ESK of the owner. We consider the event where the owner of the test session is an initiator and the exposure pattern in 1) occurs. That is,

\(E_1{:}\):

\(U_A\) is the initiator and the owner of \(\mathsf {sid}^*\), \(\mathsf {sid}^*\) has no matching session \(\overline{\mathsf {sid}^*}\), \(\mathcal {A}\) issues \(\mathsf {CSKReveal}( ID _A,T^*)\) or \(\mathsf {SSKReveal}( ID )\) for some \( ID \succ ID _A\), and \(\mathcal {A}\) issues \(\mathsf {SSKReveal}( ID )\) such that \( ID \succ ID _B\) and \( ID \in RL _{ pa ( ID ),T^*-1}\).

The probability of an adversary winning when any of the other seven events occurs can be evaluated in the same way as for \(E_1\). The latter case, i.e. the events where the test session has a matching session, consists of the six exposure patterns shown in the overview of the proof of Theorem 1 in Sect. 3. We consider the following event.

\(E_2{:}\):

There exists a matching session \(\overline{\mathsf {sid}^*}\) of \(\mathsf {sid}^*\), and \(\mathcal {A}\) issues \(\mathsf {CSKReveal}( ID _X, T^*)\) or \(\mathsf {SSKReveal}( ID )\) for some \( ID \succ ID _X\), where \(X=A,B\).

The probability of an adversary winning when any of the other five events occurs can be evaluated in the same way as for \(E_1\) or \(E_2\). Therefore, to finish the proof, we evaluate \(|2\mathrm {Pr}[ Suc \mid E_i]-1|\) given the event \(E_i\) for \(i=1,2\).

Event \(\boldsymbol{E_1}\). We change the interface of the oracle queries and the computation of the session key. These are changed gradually over a sequence of hybrid experiments, depending on the specific sub-case. In the last hybrid experiment, the session key in the test session contains no information on the bit b, so \(\mathcal {A}\) can only output a random guess. Let \(\mathbf {H}_0,\dots ,\mathbf {H}_6\) be these hybrid experiments, \(S_i\) be the event that \(\mathcal {A}\) wins in \(\mathbf {H}_i\), \(T_{ cu }\) be the current time period, and \(s_A\) be the number of sessions of \(U_A\) that have been activated, initialized to 0.

Hybrid Experiment \(\mathbf {H}_0\). This experiment is the real experiment for rhid-eCK security, and in it the environment for \(\mathcal {A}\) is as defined in the scheme. Thus, \(|2\mathrm {Pr}[ Suc \mid E_1]-1|=|2\mathrm {Pr}[S_0\mid E_1]-1|\).

Hybrid Experiment \(\mathbf {H}_1\). If the session identifiers of two sessions are identical, the experiment halts, a bit \(b'\) is selected at random, and \(\mathcal {A}\) is considered to output \(b'\). Two session identifiers are identical if and only if the initiators and responders of the two sessions match and the EPKs \((C_A, ek _E,C_B,C_E)\) output by the two sessions are equal. When \( ek _E\) and \(C_E\) are equal in the two sessions, the corresponding \(K_E\) are also equal by the correctness of the KEM. The probability that these \(K_E\) are equal is at most \(1/2^{\kappa }\) by the \(\kappa \)-min-entropy property of the KEM. Therefore, \(|\mathrm {Pr}[S_0\mid E_1]-\mathrm {Pr}[S_1\mid E_1]|\) is negligible in \(\kappa \).

Hybrid Experiment \(\mathbf {H}_2\). The experiment selects an integer \(i\in [1,\mu ]\) uniformly at random in advance. If \(\mathcal {A}\) issues a \(\mathsf {Test}\) query to a session other than the i-th session of party \(U_A\), the experiment halts, a bit \(b'\) is selected at random, and \(\mathcal {A}\) is considered to output \(b'\). Since the guess of the test session matches \(\mathcal {A}\)’s choice with probability \(1/\mu \), \(|2\mathrm {Pr}[S_1\mid E_1]-1|=\mu \cdot |2\mathrm {Pr}[S_2\mid E_1]-1|\).

Hybrid Experiment \(\mathbf {H}_3\). The computation of \((K_A^*,C_A^*)\) in the test session is changed. Instead of computing \((K^*_A,C^*_A)\leftarrow \mathsf {EnCap}( mpk , ID _B,T^*, G(\sigma _{A,T},\tau _A))\), it is changed as \((K^*_A,C^*_A)\leftarrow \mathsf {EnCap}( mpk , ID _B,T^*,R)\), where \(R\in _R\mathcal {R}_{E}\).

By the freshness definition, adversary \(\mathcal {A}\) does not issue \(\mathsf {ESKReveal}(\mathsf {sid}^*)\). Hence, from \(\mathcal {A}\) in \(\mathbf {H}_2\) or \(\mathbf {H}_3\) we construct a distinguisher \(\mathcal {D}\) between \((\sigma _{A,T},G(\sigma _{A,T},\tau _A))\) and \((\sigma _{A,T},R)\) for the TPRF G. \(\mathcal {D}\) simulates the experiment obeying the scheme, except that \(\mathcal {D}\) computes \((K^*_A,C^*_A)\leftarrow \mathsf {EnCap}( mpk , ID _B,T^*,R)\) for \(\mathsf {Send}(\varPi ,\mathcal {I},T^*, ID _{A}, ID _{B})\), where R is either the output of the TPRF G or a random element. From \(\mathcal {A}\)’s point of view, the simulation by \(\mathcal {D}\) is the same as \(\mathbf {H}_2\) if the R given to \(\mathcal {D}\) is the output of the TPRF G. Otherwise, the simulation by \(\mathcal {D}\) is the same as \(\mathbf {H}_3\). Thus, \(|\mathrm {Pr}[S_2\mid E_1]-\mathrm {Pr}[S_3\mid E_1]|\) is negligible in \(\kappa \) since the advantage of \(\mathcal {D}\) is negligible.

Hybrid Experiment \(\mathbf {H}_4\). The computation of \(K_A^*\) in the test session is changed again. Instead of computing \((K^*_A,C^*_A)\leftarrow \mathsf {EnCap}( mpk , ID _B,T^*, R)\), it is changed as choosing \(K_A^*\leftarrow \mathcal {KS}_{ RH }\) randomly.

We construct a selective-IND-CCA adversary \(\mathcal {B}\) against RHIB-KEM from \(\mathcal {A}\) in \(\mathbf {H}_3\) or \(\mathbf {H}_4\). \(\mathcal {B}\) synchronizes the time period in the selective-IND-CCA game with the time period in the rhid-eCK game. \(\mathcal {B}\) performs the following steps.

Adversary \(\mathcal {B}\) gives the challenge identity/time period pair \(( ID _B,T^*)\) to the challenger \(\mathcal {C}\) and receives a master public key \( mpk \) and the key update information \( ku _{ PKG ,1}\) for \(T_{ cu }=1\). Then, \(\mathcal {B}\) chooses a PRF \(F:\mathcal {FS}\times \{0,1\}^*\rightarrow \{0,1\}^{\kappa }\) with key space \(\mathcal {FS}\), a TPRF \(G: LD _{\kappa }\times RD _{\kappa }\rightarrow \mathcal {R}_{ wE }\), and a KDF \( KDF :\{0,1\}^{\kappa }\times \mathcal {KS}\rightarrow \mathcal {FS}\) with a randomly chosen public salt \(s\in \{0,1\}^{\kappa }\). \(\mathcal {B}\) also sets \( MPK =(F,G,s, KDF , mpk )\). \(\mathcal {B}\) chooses a set of identities \(\mathcal {ID}\) for the honest parties, including \( ID _A\) and \( ID _B\), issues \(\mathsf {SecKeyGen}( ID )\) for all \( ID \in \mathcal {ID}\), and obtains \(\{ ku _{ ID ,1}\}_{ ID \in \mathcal {ID}}\) from the oracle. \(\mathcal {B}\) then gives \( MPK \), \(\mathcal {ID}\), and \(\{ ku _{ ID ,1}\}_{ ID \in \mathcal {ID}}\) to \(\mathcal {A}\).

In preparation for \(\mathcal {A}\)’s oracle queries, \(\mathcal {B}\) creates a list \(\mathcal {L}_{S}\) of sessions, a list \(\mathcal {L}_{ SK }\) of pairs of a completed session \(\mathsf {sid}\) and its session key \( SK \), and a list \(\mathcal {L}_{ NCS }\) of non-completed sessions. Initially, these lists are empty. \(\mathcal {B}\) simulates \(\mathcal {A}\)’s oracle queries as in Fig. 3. When \(\mathcal {A}\) outputs a guess \(b'\), \(\mathcal {B}\) answers that the \(K^*\) received in the challenge query is the real key if \(\mathcal {A}\)’s guess is correct, and that \(K^*\) is the random key otherwise.

From \(\mathcal {A}\)’s point of view, the simulation by \(\mathcal {B}\) is the same as \(\mathbf {H}_3\) if the \(K^*\) that \(\mathcal {B}\) received in the challenge was the real key. Otherwise, the simulation by \(\mathcal {B}\) is the same as \(\mathbf {H}_4\). Thus, \(|\mathrm {Pr}[S_3\mid E_1]-\mathrm {Pr}[S_4\mid E_1]|\) is negligible in \(\kappa \) since the advantage of \(\mathcal {B}\) is negligible.

Hybrid Experiment \(\mathbf {H}_5\). The computation of \({K'}_A^*\) in the test session is changed. Instead of computing \({K'}_A^*\leftarrow KDF (s, K_A^*)\), \({K'}_A^*\in \mathcal {KS}\) is chosen at random. \(K_A^*\) has sufficient min-entropy since it is chosen at random in \(\mathbf {H}_4\). Thus, \(|\mathrm {Pr}[S_4\mid E_1]-\mathrm {Pr}[S_5\mid E_1]|\) is negligible in \(\kappa \) by the definition of the KDF.

Hybrid Experiment \(\mathbf {H}_6\). The computation of \( SK ^*\) in the test session is changed. Instead of computing \( SK ^*=F(K'^*_A, ST )\oplus F(K'^*_B, ST )\oplus F(K'^*_E, ST )\), it is computed as \( SK ^*=x\oplus F(K'^*_B, ST )\oplus F(K'^*_E, ST )\), where \(x\in \{0,1\}^{\kappa }\) is chosen at random. From \(\mathcal {A}\) in \(\mathbf {H}_5\) or \(\mathbf {H}_6\) we construct a distinguisher \(\mathcal {D}'\) between the PRF F and a random function \( RF \). \(\mathcal {D}'\) simulates the security game obeying the scheme, except that \(\mathcal {D}'\) computes \( SK ^*=x\oplus F(K'^*_B, ST )\oplus F(K'^*_E, ST )\) for \(\mathsf {Send}(\varPi ,\mathcal {I},T^*, ID _{A}, ID _{B})\), where x is either the output of F or the output of \( RF \), obtained from the oracle \(\mathcal {D}'\) has access to. From \(\mathcal {A}\)’s point of view, the simulation by \(\mathcal {D}'\) is the same as \(\mathbf {H}_5\) if the oracle it accesses is the PRF F. Otherwise, the simulation by \(\mathcal {D}'\) is the same as \(\mathbf {H}_6\). Thus, \(|\mathrm {Pr}[S_5\mid E_1]-\mathrm {Pr}[S_6\mid E_1]|\) is negligible in \(\kappa \) since the advantage of \(\mathcal {D}'\) is negligible.

The session key in the test session is perfectly randomized in \(\mathbf {H}_6\). We have \(\mathrm {Pr}[S_6\mid E_1]=1/2\) since \(\mathcal {A}\) cannot obtain any advantage from the \(\mathsf {Test}\) query. Thus, \(|2\mathrm {Pr}[ Suc \mid E_1]-1|\) is negligible in \(\kappa \).

Event \(E_2\). We change the interface of oracle queries and the computation of the session key as in the case of \(E_1\). Let \(\mathbf {H}'_0,\dots ,\mathbf {H}'_5\) be these hybrid experiments and \(S'_i\) be the event that \(\mathcal {A}\) wins in experiment \(\mathbf {H}'_i\). Hybrid experiments \(\mathbf {H}'_0\), \(\mathbf {H}'_1\), and \(\mathbf {H}'_2\) are the same as \(\mathbf {H}_0\), \(\mathbf {H}_1\), and \(\mathbf {H}_2\) in \(E_1\) respectively.

Hybrid Experiment \(\mathbf {H}'_3\). The computation of \(K_E^*\) in the test session is changed. Instead of computing \((K^*_E,C^*_E)\leftarrow \mathsf {wEnCap}(ek^*_E,r_B)\), it is changed as choosing \(K_E^*\in _R \mathcal {KS}_{ RH }\) randomly.

From \(\mathcal {A}\) in \(\mathbf {H}'_2\) or \(\mathbf {H}'_3\) we construct an IND-CPA adversary \(\mathcal {B}\) against the KEM. \(\mathcal {B}\) simulates the experiment obeying the scheme, except that \(\mathcal {B}\) sets \(K^*_E=K^*\) for \(\mathsf {Send}(\varPi ,\mathcal {R},T^*, ID _{B}, ID _{A}, (C^*_{A}, ek ^*_E))\) and \(\mathsf {Send}(\varPi ,\mathcal {I},T^*, ID _{A}, ID _{B}, (C^*_{A}, ek ^*_E), (C^*_{B},C^*_E))\). From \(\mathcal {A}\)’s point of view, the simulation by \(\mathcal {B}\) is the same as \(\mathbf {H}'_2\) if the \(K^*\) received in the challenge is the real key from \(\mathsf {wEnCap}\). Otherwise, the simulation by \(\mathcal {B}\) is the same as \(\mathbf {H}'_3\). Thus, \(|\mathrm {Pr}[S'_2\mid E_2]-\mathrm {Pr}[S'_3\mid E_2]|\) is negligible in \(\kappa \) since the KEM is IND-CPA secure.

Hybrid Experiments \(\mathbf {H}'_4\) and \(\mathbf {H}'_5\). Hybrid experiments \(\mathbf {H}'_4\) and \(\mathbf {H}'_5\) are similar to \(\mathbf {H}_5\) and \(\mathbf {H}_6\) in \(E_1\) respectively, except that the computations of \({K'}_E^*\) and \(F(K'^*_E, ST )\) are the ones changed. Therefore, both \(|\mathrm {Pr}[S'_3\mid E_2]-\mathrm {Pr}[S'_4\mid E_2]|\) and \(|\mathrm {Pr}[S'_4\mid E_2]-\mathrm {Pr}[S'_5\mid E_2]|\) are negligible in \(\kappa \), in the same way as for \(E_1\).

The session key in the test session is perfectly randomized in \(\mathbf {H}'_5\). We have \(\mathrm {Pr}[S'_5\mid E_2]=1/2\). Thus, \(|2\mathrm {Pr}[ Suc \mid E_2]-1|\) is negligible in \(\kappa \).
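The hybrid argument above turns on the key schedule of the generic construction: the encapsulation randomness \(R=G(\sigma,\tau)\) from the twisted PRF, \(K'_X= KDF (s,K_X)\), and \( SK =F(K'_A, ST )\oplus F(K'_B, ST )\oplus F(K'_E, ST )\). The following is an added illustration of that schedule, not code from the paper or its library; the concrete instantiations (HMAC-SHA256 as F, HKDF-Extract as KDF, a twisted PRF in the style of Fujioka et al. [11] as G) and the byte-string stand-ins for the three KEM keys are assumptions, and the RHIB-KEM and wKEM themselves are not implemented.

```python
import hashlib
import hmac
import os

KLEN = 32  # byte length of PRF/KDF outputs (kappa = 256 bits in this example)


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor: operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def prf(key: bytes, msg: bytes) -> bytes:
    """PRF F: instantiated here with HMAC-SHA256 (assumed choice, cf. ref. [1])."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def kdf(salt: bytes, kem_key: bytes) -> bytes:
    """KDF(s, K): HKDF-Extract with public salt s (assumed choice, cf. ref. [20])."""
    return hmac.new(salt, kem_key, hashlib.sha256).digest()


def tprf(sigma: tuple, tau: tuple) -> bytes:
    """Twisted PRF G(sigma, tau) (assumed construction in the style of ref. [11]):
    G = F(sigma_1, tau_1) XOR F(tau_2, sigma_2), sigma static, tau ephemeral.
    The output stays pseudorandom as long as one of the two parts is hidden,
    which is what hybrid H_3 relies on when ESKReveal(sid*) is not issued."""
    sigma_1, sigma_2 = sigma
    tau_1, tau_2 = tau
    return xor(prf(sigma_1, tau_1), prf(tau_2, sigma_2))


def transcript(id_a, id_b, t, c_a, ek_e, c_b, c_e) -> bytes:
    """ST: the session material both parties see (constructed layout; the page
    does not fix the exact encoding)."""
    return b"|".join([id_a, id_b, t, c_a, ek_e, c_b, c_e])


def session_key(s: bytes, k_a: bytes, k_b: bytes, k_e: bytes, st: bytes) -> bytes:
    """SK = F(K'_A, ST) XOR F(K'_B, ST) XOR F(K'_E, ST) with K'_X = KDF(s, K_X).
    Each share is a PRF output under an independent key, so SK is pseudorandom
    whenever at least one of K_A, K_B, K_E is unknown to the adversary (H_6)."""
    shares = [prf(kdf(s, k), st) for k in (k_a, k_b, k_e)]
    return xor(xor(shares[0], shares[1]), shares[2])


def run_example() -> dict:
    """Constructed run: the three encapsulated keys are modelled as byte strings
    already shared by both sides (the RHIB-KEM and wKEM are not implemented)."""
    s = b"public-salt-constructed-example!"           # salt s published in MPK
    sigma_a = (os.urandom(KLEN), os.urandom(KLEN))    # U_A's static TPRF secret
    tau_a = (os.urandom(KLEN), os.urandom(KLEN))      # U_A's ESK
    r_a = tprf(sigma_a, tau_a)                         # randomness fed to EnCap
    # Constructed stand-ins for KEM outputs: in the scheme K_A would come from
    # EnCap(mpk, ID_B, T*, r_a), K_B from EnCap for ID_A, and K_E from wEnCap.
    k_a = hashlib.sha256(b"K_A|" + r_a).digest()
    k_b = os.urandom(KLEN)
    k_e = os.urandom(KLEN)
    st = transcript(b"ID_A", b"ID_B", b"T=7", b"C_A", b"ek_E", b"C_B", b"C_E")
    return {
        "initiator": session_key(s, k_a, k_b, k_e, st),
        "responder": session_key(s, k_a, k_b, k_e, st),
        "r_a": r_a,
        "inputs": (s, k_a, k_b, k_e, st),
    }


if __name__ == "__main__":
    out = run_example()
    print("shared session key:", out["initiator"].hex())
    print("both sides agree:", out["initiator"] == out["responder"])
```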

B Estimation

In this appendix, we estimate the performance of our proposed protocol using our cryptographic library. Our software cryptographic library is written in C and uses the OpenSSL C library for multiple-precision integer operations. We used the Gallant–Lambert–Vanstone (GLV) [15] and Galbraith–Lin–Scott (GLS) [14] techniques for scalar multiplication, and the optimal ate pairing on a Barreto–Naehrig curve for the pairing operation. In this work we chose the parameters at the 128-bit security level.

Table 2. Execution environment (table not reproduced on this page)
Table 3. Experimental results (msec) (table not reproduced on this page)
Fig. 3. Query simulation (figure not reproduced on this page)

We summarize the execution environment for our experiment in Table 2. Table 3 contains the average time (in milliseconds) over 100 iterations, and also shows the timing of computing a pairing and a scalar multiplication on \(G_1\) and \(G_2\). The estimated total time for the instantiations of RHIB-AKE in Table 1 is within 1 s when the hierarchical level \(\ell \) is small (i.e., \(\ell \) = 2 or 3). In conclusion, on a device with the same specifications as the Raspberry Pi 3, using RHIB-AKE is quite practical.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Okano, Y., Tomida, J., Nagai, A., Yoneyama, K., Fujioka, A., Suzuki, K. (2022). Revocable Hierarchical Identity-Based Authenticated Key Exchange. In: Park, J.H., Seo, SH. (eds) Information Security and Cryptology – ICISC 2021. ICISC 2021. Lecture Notes in Computer Science, vol 13218. Springer, Cham. https://doi.org/10.1007/978-3-031-08896-4_1

  • DOI: https://doi.org/10.1007/978-3-031-08896-4_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08895-7

  • Online ISBN: 978-3-031-08896-4
