Constant-Round Group Key Exchange from the Ring-LWE Assumption

  • Daniel Apon
  • Dana Dachman-Soled
  • Huijing Gong
  • Jonathan Katz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)

Abstract

Group key-exchange protocols allow a set of N parties to agree on a shared, secret key by communicating over a public network. A number of solutions to this problem have been proposed over the years, mostly based on variants of Diffie-Hellman (two-party) key exchange. To the best of our knowledge, however, there has been almost no work looking at candidate post-quantum group key-exchange protocols.

Here, we propose a constant-round protocol for unauthenticated group key exchange (i.e., with security against a passive eavesdropper) based on the hardness of the Ring-LWE problem. By applying the Katz-Yung compiler using any post-quantum signature scheme, we obtain a (scalable) protocol for authenticated group key exchange with post-quantum security. Our protocol is constructed by generalizing the Burmester-Desmedt protocol to the Ring-LWE setting, which requires addressing several technical challenges.
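To make the "constant-round" and "Burmester-Desmedt" parts of the abstract concrete, the following is an added simulation of the classical Diffie-Hellman-based Burmester-Desmedt protocol that the paper generalizes. It is not the paper's Ring-LWE protocol (no ring elements, error terms or reconciliation); the group parameters P, Q, G and all function names are constructed for illustration.

```python
"""Classical Burmester-Desmedt (BD) group key exchange simulated for N parties.

Two broadcast rounds, after which every party holds g^(r_1 r_2 + r_2 r_3 + ... + r_N r_1).
Added illustration only; this is the DH-based protocol, not the paper's lattice variant.
"""
import secrets

# Toy group, constructed for illustration only: P = 2Q + 1 is a safe prime and
# G = 4 generates the subgroup of prime order Q. Real use needs >= 2048-bit groups.
P = 1019
Q = (P - 1) // 2
G = 4


def round1(r_i):
    """Round 1: party i broadcasts z_i = g^{r_i}."""
    return pow(G, r_i, P)


def round2(z, i, r_i):
    """Round 2: party i broadcasts X_i = (z_{i+1} / z_{i-1})^{r_i}; indices wrap (ring)."""
    n = len(z)
    ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
    return pow(ratio, r_i, P)


def derive_key(z, x, i, r_i):
    """Party i computes K = z_{i-1}^{N r_i} * X_i^{N-1} * X_{i+1}^{N-2} * ... * X_{i+N-2}^1.

    A passive eavesdropper sees only the broadcast z_j and X_j, never any r_j.
    """
    n = len(z)
    key = pow(z[(i - 1) % n], n * r_i, P)
    for j in range(n - 1):
        key = key * pow(x[(i + j) % n], n - 1 - j, P) % P
    return key


def run_bd(n, secrets_list=None):
    """Simulate one BD run for n >= 2 parties; returns per-party keys and the public transcript."""
    if secrets_list is None:
        secrets_list = [1 + secrets.randbelow(Q - 1) for _ in range(n)]
    z = [round1(r) for r in secrets_list]                      # round 1 broadcasts
    x = [round2(z, i, r) for i, r in enumerate(secrets_list)]  # round 2 broadcasts
    keys = [derive_key(z, x, i, r) for i, r in enumerate(secrets_list)]
    return {"keys": keys, "transcript": {"z": z, "X": x}, "secrets": secrets_list}


def all_agree(keys):
    """True when every party derived the same group key."""
    return len(set(keys)) == 1
```

The Ring-LWE version in the paper keeps this two-round broadcast shape but replaces the exponentiations with noisy ring products, which is why agreement there needs the additional error-handling the abstract alludes to.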

Keywords

Ring learning with errors; Post-quantum cryptography; Group key exchange

Notes

Acknowledgments

This material is based on work performed under financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology. Work by Dana Dachman-Soled was additionally supported in part by NSF grants #CNS-1840893 and #CNS-1453045, and by a research partnership award from Cisco.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Daniel Apon, National Institute of Standards and Technology, Gaithersburg, USA
  • Dana Dachman-Soled, University of Maryland, College Park, USA
  • Huijing Gong (corresponding author), University of Maryland, College Park, USA
  • Jonathan Katz, University of Maryland, College Park, USA