Skip to main content
SpringerLink
Log in

Symmetric-Key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2020 (CT-RSA 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12006))

Included in the following conference series:

Abstract

Key exchange protocols in the asymmetric-key setting are known to provide stronger security properties than protocols in symmetric-key cryptography. In particular, they can provide perfect forward secrecy, as illustrated by key exchange protocols based on the Diffie-Hellman scheme. However public-key algorithms are too heavy for low-resource devices, which can then not benefit from forward secrecy. In this paper, we describe a scheme that solves this issue. Using a shrewd resynchronisation technique, we propose an authenticated key exchange protocol in the symmetric-key setting that guarantees perfect forward secrecy. We prove that the protocol is sound, and provide a formal proof of its security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In Signal, the DH exchanges can be asynchronous. This impairs the forward secrecy property usually ensured by this scheme.

  2. 2.

    Note that \(\mathsf {ltk}\) can be a set of master keys (e.g., each one used by the party for a different purpose).

  3. 3.

    The proofs of soundness and security for SAKE-AM are essentially the same as for SAKE (see Sect. 5). They are given in the full version of the paper [8].

  4. 4.

    This alternative has been suggested by anonymous reviewers of Crypto 2019.

  5. 5.

    We describe it from SAKE, but the same holds for SAKE-AM.

References

  1. Signal. https://signal.org/

  2. 3rd Generation Partnership Project: Technical Specifications 33. http://www.3gpp.org/DynaReport/33-series.htm

  3. 3rd Generation Partnership Project: Technical Specifications 35. http://www.3gpp.org/DynaReport/35-series.htm

  4. Abdalla, M., Bellare, M.: Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 546–559. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_42

    Chapter  Google Scholar 

  5. Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 5–17. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813707

  6. Alwen, J., Coretti, S., Dodis, Y.: The Double Ratchet: Security Notions, Proofs, and Modularization for the Signal Protocol. Cryptology ePrint Archive, Report 2018/1037 (2018). https://eprint.iacr.org/2018/1037

  7. American National Standards Institute: ANSI X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2009)

    Google Scholar 

  8. Avoine, G., Canard, S., Ferreira, L.: Symmetric-key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy. Cryptology ePrint Archive, Report 2019/444 (2019). http://eprint.iacr.org/2019/444

  9. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS, pp. 394–403. IEEE Computer Society Press, October 1997. https://doi.org/10.1109/SFCS.1997.646128

  10. Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_28

    Chapter  Google Scholar 

  11. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469–491 (2008). https://doi.org/10.1007/s00145-008-9026-x

    Article  MathSciNet  MATH  Google Scholar 

  12. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

    Chapter  Google Scholar 

  13. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25

    Chapter  Google Scholar 

  14. Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_1

    Chapter  Google Scholar 

  15. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447

    Chapter  MATH  Google Scholar 

  16. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Information Security and Cryptography. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-662-09527-0

    Book  MATH  Google Scholar 

  17. Brier, E., Peyrin, T.: A forward-secure symmetric-key derivation protocol. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 250–267. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_15

    Chapter  Google Scholar 

  18. Brzuska, C., Jacobsen, H., Stebila, D.: Safely exporting keys from secure channels. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 670–698. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_26

    Chapter  Google Scholar 

  19. Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 451–466. IEEE, April 2017. https://doi.org/10.1109/EuroSP.2017.27

  20. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

    Article  MathSciNet  Google Scholar 

  21. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  22. Dousti, M.S., Jalili, R.: FORSAKES: a forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes. Cryptology ePrint Archive, Report 2014/123 (2014). http://eprint.iacr.org/2014/123

  23. GlobalPlatform: GlobalPlatform - Card Specification - Version 2.3.1, reference GPC\_SPE\_034, March 2018. https://www.globalplatform.org/specificationscard.asp

  24. Günther, C.G.: An identity-based key-exchange protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 29–37. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_5

    Chapter  Google Scholar 

  25. Hlauschek, C., Gruber, M., Fankhauser, F., Schanes, C.: Prying open Pandora’s box: KCI attacks against TLS. In: Proceedings of the 9th USENIX Conference on Offensive Technologies, WOOT 2015, USENIX Association (2015)

    Google Scholar 

  26. International Organization for Standardization: ISO/IEC 11770–2 - Information technology - Security techniques - Key Management - Part 2: Mechanisms using Symmetric Techniques (2008)

    Google Scholar 

  27. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. Cryptology ePrint Archive, Report 2011/219 (2011). http://eprint.iacr.org/2011/219

  28. Le, T.V., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Bao, F., Miller, S. (eds.) ASIACCS 2007, pp. 242–252. ACM Press, March 2007

    Google Scholar 

  29. Park, T., Shin, K.G.: LiSP: a lightweight security protocol for wireless sensor networks. ACM Trans. Embed. Comput. Syst. 3(3), 634–660 (2004)

    Article  Google Scholar 

  30. Perrig, A., Szewczyk, R., Tygar, J., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wireless Netw. 8(5), 521–534 (2002)

    Article  Google Scholar 

  31. Perrin, T., Marlinspike, M.: The Double Ratchet Algorithm (2016). https://signal.org/docs/specifications/doubleratchet/. Revision 1, 20/11/2016

  32. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004). http://eprint.iacr.org/2004/332

  33. Sornin, N., Luis, M., Eirich, T., Kramp, T.: LoRaWAN Specification, LoRa Alliance, version 1.0, July 2016

    Google Scholar 

  34. ZigBee Alliance: ZigBee specification. http://www.zigbee.org/download/standards-zigbee-specification/

Download references

Acknowledgment

We thank the anonymous reviewers for their valuable comments.

Author information

Authors and Affiliations

  1. Univ Rennes, INSA Rennes, CNRS, IRISA, Rennes, France

    Gildas Avoine & Loïc Ferreira

  2. Institut Universitaire de France, Paris, France

    Gildas Avoine

  3. Orange Labs, Applied Crypto Group, Caen, France

    Sébastien Canard & Loïc Ferreira

Authors
  1. Gildas Avoine
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sébastien Canard
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Loïc Ferreira
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Loïc Ferreira .

Editor information

Editors and Affiliations

  1. University of California, Irvine, CA, USA

    Stanislaw Jarecki

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Avoine, G., Canard, S., Ferreira, L. (2020). Symmetric-Key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy. In: Jarecki, S. (eds) Topics in Cryptology – CT-RSA 2020. CT-RSA 2020. Lecture Notes in Computer Science(), vol 12006. Springer, Cham. https://doi.org/10.1007/978-3-030-40186-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-40186-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-40185-6

  • Online ISBN: 978-3-030-40186-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation