Skip to main content
SpringerLink
Log in

Continuous Key Agreement with Reduced Bandwidth

  • Conference paper
  • First Online:
Cyber Security Cryptography and Machine Learning (CSCML 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11527))

Abstract

Continuous Key Agreement (CKA) is a two-party procedure used by Double Ratchet protocols (e. g., Signal). This is a continuous and synchronous protocol that generates a fresh key for every sent/received message. It guarantees forward secrecy and post-compromise security. Alwen et al. have recently proposed a new KEM-based CKA construction where every message contains a ciphertext and a fresh public key. This can be made quantum-safe by deploying a quantum-safe KEM. They mention that the bandwidth can be reduced when using an ElGamal KEM (which is not quantum-safe). In this paper, we generalized their approach by defining a new primitive, namely Merged KEM (MKEM). This primitive merges the key generation and the encapsulation steps of a KEM. This is not possible for every KEM and we discuss cases where a KEM can be converted to an MKEM. One example is the quantum-safe proposal BIKE1, where the BIKE-MKEM saves \(50\%\) of the communication bandwidth, compared to the original construction. In addition, we offer the notion and two constructions for hybrid CKA.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We use the terminology quantum-safe to cryptographic algorithms that rely on problems that are believed to be hard even in the presence of quantum computers. For example, cryptographic algorithms that rely on factorization (e. g., RSA) are not considered quantum-safe due to Shor’s algorithm [18]. On the other hand for some parameters cryptographic algorithms that rely on the Shortest Vector Problem over lattices are commonly considered quantum-safe.

  2. 2.

    CKA uses ephemeral keys for both KEM and MKEM. This protects the scheme from attacks that may exploit decapsulation failures, such as [12] in the context of QC-MDPC codes. We note that CKA is aborted (and subsequently re-initialized) upon encountering a decapsulation failure.

References

  1. Messenger secret conversations: Technical whitepaper (2013). https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper-1.pdf

  2. Nist:post-quantum cryptography - call for proposals, September 2017. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

  3. Whatsapp encryption overview: Technical white paper, December 2017. https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf

  4. Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. Cryptology ePrint Archive, Report 2018/1037 (2018). https://eprint.iacr.org/2018/1037

  5. Aragon, N., et al.: BIKE: bit flipping key encapsulation (2017)

    Google Scholar 

  6. Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 619–650. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_21

    Chapter  Google Scholar 

  7. Bernstein, D.J., et al.: Classic McEliece: conservative code-based cryptography (2017)

    Google Scholar 

  8. Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. Cryptology ePrint Archive, Report 2018/903, September 2018. http://eprint.iacr.org/

  9. Bos, J., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017/634 (2017). https://eprint.iacr.org/2017/634

  10. Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS P), pp. 451–466, April 2017. https://doi.org/10.1109/EuroSP.2017.27

  11. Durak, F.B., Vaudenay, S.: Bidirectional asynchronous ratcheted key agreement without key-update primitives. Cryptology ePrint Archive, Report 2018/889 (2018). https://eprint.iacr.org/2018/889

  12. Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_29

    Chapter  Google Scholar 

  13. Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_2

    Chapter  Google Scholar 

  14. Lund, J.: Signal partners with microsoft to bring end-to-end encryption to skype, October 2018. https://signal.org/blog/skype-partnership

  15. Marlinspike, M.: Open whisper systems partners with Google on end-to-end encryption for allo (2013). https://signal.org/blog/allo/

  16. Perrin, T., Marlinspike, M.: The double ratchet algorithm. GitHub wiki (2016)

    Google Scholar 

  17. Poettering, B., Rösler, P.: Asynchronous ratcheted key exchange. Cryptology ePrint Archive, Report 2018/296 (2018). https://eprint.iacr.org/2018/296

  18. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134, November 1994. https://doi.org/10.1109/SFCS.1994.365700

Download references

Acknowledgments

This research was supported by: The Israel Science Foundation (grant No. 1018/16); The BIU Center for Research in Applied Cryptography and Cyber Security, in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office; the Center for Cyber Law & Policy at the University of Haifa in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.

Author information

Authors and Affiliations

  1. University of Haifa, Haifa, Israel

    Nir Drucker & Shay Gueron

  2. Amazon, Seattle, USA

    Nir Drucker & Shay Gueron

Authors
  1. Nir Drucker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shay Gueron
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nir Drucker .

Editor information

Editors and Affiliations

  1. Ben-Gurion University of the Negev, Beer-Sheva, Israel

    Shlomi Dolev

  2. Ben-Gurion University of the Negev, Beer-Sheva, Israel

    Danny Hendler

  3. Tata Consultancy Services, Chennai, India

    Sachin Lodha

  4. Columbia University and Google, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Drucker, N., Gueron, S. (2019). Continuous Key Agreement with Reduced Bandwidth. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2019. Lecture Notes in Computer Science(), vol 11527. Springer, Cham. https://doi.org/10.1007/978-3-030-20951-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-20951-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20950-6

  • Online ISBN: 978-3-030-20951-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation