Strongly Anonymous Ratcheted Key Exchange

Dowling B, Hauck E, Riepel D, Rösler P (2022)


Publication Type: Conference contribution

Publication year: 2022

Publisher: Springer Science and Business Media Deutschland GmbH

Book Volume: 13793 LNCS

Pages Range: 119-150

Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Event location: Taipei TW

ISBN: 9783031229688

DOI: 10.1007/978-3-031-22969-5_5

Abstract

Anonymity is an (abstract) security goal that is especially important to threatened user groups. Therefore, widely deployed communication protocols implement various measures to hide different types of information (i.e., metadata) about their users. Before actually defining anonymity, we consider an attack vector about which targeted user groups can feel concerned: continuous, temporary exposure of their secrets. Examples for this attack vector include intentionally planted viruses on victims’ devices, as well as physical access when their users are detained. Inspired by Signal’s Double-Ratchet Algorithm, Ratcheted (or Continuous) Key Exchange (RKE) is a novel class of protocols that increase confidentiality and authenticity guarantees against temporary exposure of user secrets. For this, an RKE regularly renews user secrets such that the damage due to past and future exposures is minimized; this is called Post-Compromise Security and Forward-Secrecy, respectively. With this work, we are the first to leverage the strength of RKE for achieving strong anonymity guarantees under temporary exposure of user secrets. We extend existing definitions for RKE to capture attacks that interrelate ciphertexts, seen on the network, with secrets, exposed from users’ devices. Although, at first glance, strong authenticity (and confidentiality) conflicts with strong anonymity, our anonymity definition is as strong as possible without diminishing other goals. We build strongly anonymity-, authenticity-, and confidentiality-preserving RKE and, along the way, develop new tools with applicability beyond our specific use-case: Updatable and Randomizable Signatures as well as Updatable and Randomizable Public Key Encryption. For both new primitives, we build efficient constructions.

How to cite

APA:

Dowling, B., Hauck, E., Riepel, D., & Rösler, P. (2022). Strongly Anonymous Ratcheted Key Exchange. In Shweta Agrawal, Dongdai Lin (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 119-150). Taipei, TW: Springer Science and Business Media Deutschland GmbH.

MLA:

Dowling, Benjamin, et al. "Strongly Anonymous Ratcheted Key Exchange." Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, Taipei. Ed. Shweta Agrawal, Dongdai Lin, Springer Science and Business Media Deutschland GmbH, 2022. 119-150.
