Continuous Key Agreement with Reduced Bandwidth

  • Nir Drucker
  • Shay Gueron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11527)


Continuous Key Agreement (CKA) is a two-party procedure used by Double Ratchet protocols (e.g., Signal). This is a continuous and synchronous protocol that generates a fresh key for every sent/received message. It guarantees forward secrecy and post-compromise security. Alwen et al. have recently proposed a new KEM-based CKA construction where every message contains a ciphertext and a fresh public key. This can be made quantum-safe by deploying a quantum-safe KEM. They mention that the bandwidth can be reduced when using an ElGamal KEM (which is not quantum-safe). In this paper, we generalized their approach by defining a new primitive, namely Merged KEM (MKEM). This primitive merges the key generation and the encapsulation steps of a KEM. This is not possible for every KEM and we discuss cases where a KEM can be converted to an MKEM. One example is the quantum-safe proposal BIKE1, where the BIKE-MKEM saves 50% of the communication bandwidth, compared to the original construction. In addition, we offer the notion and two constructions for hybrid CKA.
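The merging idea in the abstract, shown for the ElGamal case as an added illustration (not code from the paper): in the KEM-based step each message carries a ciphertext and a fresh public key, while in the merged step the single element g^r serves as both. Function names and the toy group (prime 2^127 - 1, base 3, far too small for real use) are assumptions made for this sketch.

```python
import hashlib
import secrets

# Toy group parameters (assumption, NOT secure): Mersenne prime 2^127 - 1, base 3.
P = 2**127 - 1
G = 3

def _kdf(elem):
    # Derive a 32-byte key from a group element (elements fit in 16 bytes).
    return hashlib.sha256(elem.to_bytes(16, "big")).digest()

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk

def encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _kdf(pow(pk, r, P))
def decaps(sk, c):
    return _kdf(pow(c, sk, P))

def cka_send(peer_pk):
    """KEM-based CKA step: the message is (ciphertext, fresh public key)."""
    c, key = encaps(peer_pk)
    new_pk, new_sk = keygen()
    return (c, new_pk), new_sk, key
def cka_recv(sk, msg):
    c, new_peer_pk = msg
    return new_peer_pk, decaps(sk, c)

def mcka_send(peer_pk):
    """Merged step: g^r is the ciphertext AND the sender's next public key."""
    r = secrets.randbelow(P - 2) + 1
    c = pow(G, r, P)
    return (c,), r, _kdf(pow(peer_pk, r, P))
def mcka_recv(sk, msg):
    (c,) = msg
    return c, decaps(sk, c)

def run(send, recv, rounds=6):
    """Ping-pong `rounds` messages; return (all keys agreed, group elements sent)."""
    pk, sk = keygen()  # initial state: first sender holds pk, first receiver holds sk
    agreed, sent = True, 0
    for _ in range(rounds):
        msg, next_sk, k_send = send(pk)
        next_pk, k_recv = recv(sk, msg)
        agreed, sent = agreed and k_send == k_recv, sent + len(msg)
        pk, sk = next_pk, next_sk  # roles swap: the old receiver sends next
    return agreed, sent
```

Calling `run(cka_send, cka_recv)` and `run(mcka_send, mcka_recv)` returns the agreement flag together with the number of group elements put on the wire, so the two constructions can be compared directly.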


Keywords: Double Ratchet protocol; Continuous Key Agreement; Post Quantum Cryptography; Code-based cryptography; BIKE



This research was supported by: The Israel Science Foundation (grant No. 1018/16); The BIU Center for Research in Applied Cryptography and Cyber Security, in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office; the Center for Cyber Law & Policy at the University of Haifa in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.


  1. Messenger secret conversations: Technical whitepaper (2013).
  2. NIST: post-quantum cryptography - call for proposals, September 2017.
  3. WhatsApp encryption overview: Technical white paper, December 2017.
  4. Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. Cryptology ePrint Archive, Report 2018/1037 (2018).
  5. Aragon, N., et al.: BIKE: bit flipping key encapsulation (2017).
  6. Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 619–650. Springer, Cham (2017).
  7. Bernstein, D.J., et al.: Classic McEliece: conservative code-based cryptography (2017).
  8. Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. Cryptology ePrint Archive, Report 2018/903, September 2018.
  9. Bos, J., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017/634 (2017).
  10. Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 451–466, April 2017.
  11. Durak, F.B., Vaudenay, S.: Bidirectional asynchronous ratcheted key agreement without key-update primitives. Cryptology ePrint Archive, Report 2018/889 (2018).
  12. Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016).
  13. Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 33–62. Springer, Cham (2018).
  14. Lund, J.: Signal partners with Microsoft to bring end-to-end encryption to Skype, October 2018.
  15. Marlinspike, M.: Open Whisper Systems partners with Google on end-to-end encryption for Allo (2013).
  16. Perrin, T., Marlinspike, M.: The double ratchet algorithm. GitHub wiki (2016).
  17. Poettering, B., Rösler, P.: Asynchronous ratcheted key exchange. Cryptology ePrint Archive, Report 2018/296 (2018).
  18. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134, November 1994.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. University of Haifa, Haifa, Israel
  2. Amazon, Seattle, USA
