
Tightly-Secure Group Key Exchange with Perfect Forward Secrecy

  • Conference paper
Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Abstract

In this work, we present a new paradigm for constructing Group Authenticated Key Exchange (GAKE). This result is the first tightly secure GAKE scheme in a strong security model that allows maximum exposure attacks (MEX), where the attacker is allowed to reveal either the secret session state or the long-term secret of all communication partners. Moreover, our protocol features the strong and realistic notion of (full) perfect forward secrecy (PFS), which allows the attacker to actively modify messages before corrupting parties. We obtain our results via a series of tightly secure transformations. Our first transformation is from weakly secure KEMs to unilateral authenticated key exchange (UAKE) with weak forward secrecy (WFS). Next, we show how to turn this into a UAKE with PFS in the random oracle model. Finally, and as one of our major novel conceptual contributions, we describe how to build GAKE protocols from UAKE protocols, also in the random oracle model. We apply our transformations to obtain two practical GAKE protocols with tight security. The first is based on the DDH assumption and features low message complexity. Our second result is based on the LWE assumption. In this way, we obtain the first GAKE protocol from a post-quantum assumption that is tightly secure in a strong model of security allowing MEX attacks.


Notes

  1.

    The signature schemes introduced in [16, 27] do provide (almost) tight security but are too inefficient for practical applications.

References

  1. Abdalla, M., Bohli, J.M., González Vasco, M.I., Steinwandt, R.: (Password) authenticated key establishment: From 2-party to group. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 499–514. Springer, Berlin, Heidelberg (Feb 2007). https://doi.org/10.1007/978-3-540-70936-7_27

  2. Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 248–277. Springer, Cham (Aug 2020). https://doi.org/10.1007/978-3-030-56784-2_9

  3. Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 261–290. Springer, Cham (Nov 2020). https://doi.org/10.1007/978-3-030-64378-2_10

  4. Apon, D., Dachman-Soled, D., Gong, H., Katz, J.: Constant-round group key exchange from the ring-LWE assumption. In: Ding, J., Steinwandt, R. (eds.) Post-Quantum Cryptography - 10th International Conference, PQCrypto 2019. pp. 189–205. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_11

  5. Bader, C., Jager, T., Li, Y., Schäge, S.: On the impossibility of tight cryptographic reductions. In: Fischlin, M., Coron, J.S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 273–304. Springer, Berlin, Heidelberg (May 2016). https://doi.org/10.1007/978-3-662-49896-5_10

  6. Bienstock, A., Dodis, Y., Garg, S., Grogan, G., Hajiabadi, M., Rösler, P.: On the worst-case inefficiency of CGKA. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022, Part II. LNCS, vol. 13748, pp. 213–243. Springer, Cham (Nov 2022). https://doi.org/10.1007/978-3-031-22365-5_8

  7. Burmester, M., Desmedt, Y.: A secure and efficient conference key distribution system (extended abstract). In: Santis, A.D. (ed.) EUROCRYPT’94. LNCS, vol. 950, pp. 275–286. Springer, Berlin, Heidelberg (May 1995). https://doi.org/10.1007/BFb0053443

  8. Cohn-Gordon, K., Cremers, C.: Mind the gap: Where provable security and real-world messaging don’t quite meet. Cryptology ePrint Archive, Report 2017/982 (2017), https://eprint.iacr.org/2017/982

  9. Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: Asynchronous group messaging with strong security guarantees. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018. pp. 1802–1819. ACM Press (Oct 2018). https://doi.org/10.1145/3243734.3243747

  10. Diemert, D., Gellert, K., Jager, T., Lyu, L.: More efficient digital signatures with tight multi-user security. In: Garay, J. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 1–31. Springer, Cham (May 2021). https://doi.org/10.1007/978-3-030-75248-4_1

  11. Dodis, Y., Fiore, D.: Unilaterally-authenticated key exchange. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 542–560. Springer, Cham (Apr 2017). https://doi.org/10.1007/978-3-319-70972-7_31

  12. Dutta, R., Barua, R.: Constant round dynamic group key agreement. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 74–88. Springer, Berlin, Heidelberg (Sep 2005). https://doi.org/10.1007/11556992_6

  13. Fleischhacker, N., Jager, T., Schröder, D.: On tight security proofs for Schnorr signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 512–531. Springer, Berlin, Heidelberg (Dec 2014). https://doi.org/10.1007/978-3-662-45611-8_27

  14. Gorantla, M.C., Boyd, C., González Nieto, J.M.: Modeling key compromise impersonation attacks on group key exchange protocols. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 105–123. Springer, Berlin, Heidelberg (Mar 2009). https://doi.org/10.1007/978-3-642-00468-1_7

  15. Han, S., Jager, T., Kiltz, E., Liu, S., Pan, J., Riepel, D., Schäge, S.: Authenticated key exchange and signatures with tight security in the standard model. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part IV. LNCS, vol. 12828, pp. 670–700. Springer, Cham, Virtual Event (Aug 2021). https://doi.org/10.1007/978-3-030-84259-8_23

  16. Han, S., Liu, S., Wang, Z., Gu, D.: Almost tight multi-user security under adaptive corruptions from LWE in the standard model. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part V. LNCS, vol. 14085, pp. 682–715. Springer, Cham (Aug 2023). https://doi.org/10.1007/978-3-031-38554-4_22

  17. Hövelmanns, K., Kiltz, E., Schäge, S., Unruh, D.: Generic authenticated key exchange in the quantum random oracle model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020, Part II. LNCS, vol. 12111, pp. 389–422. Springer, Cham (May 2020). https://doi.org/10.1007/978-3-030-45388-6_14

  18. Ishibashi, R., Yoneyama, K.: Post-quantum anonymous one-sided authenticated key exchange without random oracles. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 35–65. Springer, Cham (Mar 2022). https://doi.org/10.1007/978-3-030-97131-1_2

  19. Jager, T., Kiltz, E., Riepel, D., Schäge, S.: Tightly-secure authenticated key exchange, revisited. In: Canteaut, A., Standaert, F.X. (eds.) EUROCRYPT 2021, Part I. LNCS, vol. 12696, pp. 117–146. Springer, Cham (Oct 2021). https://doi.org/10.1007/978-3-030-77870-5_5

  20. Klein, K., Pascual-Perez, G., Walter, M., Kamath, C., Capretto, M., Cueto, M., Markov, I., Yeo, M., Alwen, J., Pietrzak, K.: Keep the dirt: Tainted TreeKEM, adaptively and actively secure continuous group key agreement. In: 2021 IEEE Symposium on Security and Privacy. pp. 268–284. IEEE Computer Society Press (May 2021). https://doi.org/10.1109/SP40001.2021.00035

  21. Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Berlin, Heidelberg (Aug 2005). https://doi.org/10.1007/11535218_33

  22. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Berlin, Heidelberg (Nov 2007). https://doi.org/10.1007/978-3-540-75670-5_1

  23. Maurer, U., Tackmann, B., Coretti, S.: Key exchange with unilateral authentication: Composable security definition and modular protocol design. Cryptology ePrint Archive, Report 2013/555 (2013), https://eprint.iacr.org/2013/555

  24. Mayer, A.J., Yung, M.: Secure protocol transformation via “expansion”: From two-party to groups. In: Motiwalla, J., Tsudik, G. (eds.) ACM CCS 99. pp. 83–92. ACM Press (Nov 1999). https://doi.org/10.1145/319709.319721

  25. Pan, J., Qian, C., Ringerud, M.: Signed (group) Diffie-Hellman key exchange with tight security. Journal of Cryptology 35(4), 26 (Oct 2022). https://doi.org/10.1007/s00145-022-09438-y

  26. Pan, J., Riepel, D., Zeng, R.: Key exchange with tight (full) forward secrecy via key confirmation. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VII. LNCS, vol. 14657, pp. 59–89. Springer, Cham (May 2024). https://doi.org/10.1007/978-3-031-58754-2_3

  27. Pan, J., Wagner, B.: Lattice-based signatures with tight adaptive corruptions and more. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 347–378. Springer, Cham (Mar 2022). https://doi.org/10.1007/978-3-030-97131-1_12

  28. Pan, J., Wagner, B., Zeng, R.: Lattice-based authenticated key exchange with tight security. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part V. LNCS, vol. 14085, pp. 616–647. Springer, Cham (Aug 2023). https://doi.org/10.1007/978-3-031-38554-4_20

  29. Pan, J., Wagner, B., Zeng, R.: Tighter security for generic authenticated key exchange in the QROM. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023, Part IV. LNCS, vol. 14441, pp. 401–433. Springer, Singapore (Dec 2023). https://doi.org/10.1007/978-981-99-8730-6_13

  30. Poettering, B., Rösler, P., Schwenk, J., Stebila, D.: SoK: Game-based security models for group key exchange. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 148–176. Springer, Cham (May 2021). https://doi.org/10.1007/978-3-030-75539-3_7

  31. Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: 35th FOCS. pp. 124–134. IEEE Computer Society Press (Nov 1994). https://doi.org/10.1109/SFCS.1994.365700

  32. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004), https://eprint.iacr.org/2004/332


Acknowledgements

Emanuele Di Giandomenico and Sven Schäge have been supported by the CONFIDENTIAL6G project that is co-funded by the European Union (grant agreement ID: 101096435). Work done while Doreen Riepel was at UC San Diego, supported in part by Mihir Bellare’s KACST grant.

Corresponding author

Correspondence to Emanuele Di Giandomenico.


Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Di Giandomenico, E., Riepel, D., Schäge, S. (2025). Tightly-Secure Group Key Exchange with Perfect Forward Secrecy. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15488. Springer, Singapore. https://doi.org/10.1007/978-981-96-0935-2_5

  • DOI: https://doi.org/10.1007/978-981-96-0935-2_5
  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0934-5

  • Online ISBN: 978-981-96-0935-2

  • eBook Packages: Computer Science (R0)
