1. Highly Efficient Key Exchange Protocols with Optimal Tightness 2019 Crypto KeyExchange
    Katriel Cohn-Gordon and Cas Cremers and Kristian Gjøsteen and Håkon Jacobsen and Tibor Jager
    [View PDF on eprint.iacr.org]
    [Show BibTex Citation]

    @misc{cryptoeprint:2019:737,
    author = {Katriel Cohn-Gordon and Cas Cremers and Kristian Gjøsteen and Håkon Jacobsen and Tibor Jager },
    title = {Highly Efficient Key Exchange Protocols with Optimal Tightness -- Enabling real-world deployments with theoretically sound parameters},
    howpublished = {Cryptology ePrint Archive, Report 2019/737},
    year = {2019},
    note = {\url{https://eprint.iacr.org/2019/737}},
    }

In this paper we give nearly tight reductions for modern implicitly authenticated Diffie-Hellman protocols in the style of the Signal and Noise protocols, which are extremely simple and efficient. Unlike previous approaches, the combination of nearly tight proofs and efficient protocols enables the first real-world instantiations for which the parameters can be chosen in a theoretically sound manner, i.e., according to the bounds of the reductions. Specifically, our reductions have a security loss which is only linear in the number of users μ and constant in the number of sessions per user ℓ. This is much better than most other key exchange proofs which are typically quadratic in the product μℓ. Combined with the simplicity of our protocols, this implies that our protocols are more efficient than the state of the art when soundly instantiated.

We also prove that our security proofs are optimal: a linear loss in the number of users is unavoidable for our protocols for a large and natural class of reductions.

  1.