Strongly anonymous ratcheted key exchange

Dowling, B. orcid.org/0000-0003-3234-6527, Hauck, E. orcid.org/0000-0001-8691-6754, Riepel, D. orcid.org/0000-0002-4990-0929 et al. (1 more author) (2022) Strongly anonymous ratcheted key exchange. In: Agrawal, S. and Lin, D., (eds.) Advances in Cryptology – ASIACRYPT 2022: 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, December 5–9, 2022, Proceedings, Part III. 28th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2022), 05-09 Dec 2022, Taipei, Taiwan. Lecture Notes in Computer Science, LNCS 13793 . Springer Nature Switzerland , pp. 119-150. ISBN 9783031229688

Abstract

Anonymity is an (abstract) security goal that is especially important to threatened user groups. Therefore, widely deployed communication protocols implement various measures to hide different types of information (i.e., metadata) about their users. Before actually defining anonymity, we consider an attack vector about which targeted user groups can feel concerned: continuous, temporary exposure of their secrets. Examples for this attack vector include intentionally planted viruses on victims’ devices, as well as physical access when their users are detained.

Inspired by Signal’s Double-Ratchet Algorithm, Ratcheted (or Continuous) Key Exchange (RKE) is a novel class of protocols that increase confidentiality and authenticity guarantees against temporary exposure of user secrets. For this, an RKE regularly renews user secrets such that the damage due to past and future exposures is minimized; this is called Post-Compromise Security and Forward-Secrecy, respectively.

With this work, we are the first to leverage the strength of RKE for achieving strong anonymity guarantees under temporary exposure of user secrets. We extend existing definitions for RKE to capture attacks that interrelate ciphertexts, seen on the network, with secrets, exposed from users’ devices. Although, at first glance, strong authenticity (and confidentiality) conflicts with strong anonymity, our anonymity definition is as strong as possible without diminishing other goals.

We build strongly anonymity-, authenticity-, and confidentiality-preserving RKE and, along the way, develop new tools with applicability beyond our specific use-case: Updatable and Randomizable Signatures as well as Updatable and Randomizable Public Key Encryption. For both new primitives, we build efficient constructions.

Metadata

Item Type:	Proceedings Paper
Authors/Creators:	Dowling, B. https://orcid.org/0000-0003-3234-6527 Hauck, E. https://orcid.org/0000-0001-8691-6754 Riepel, D. https://orcid.org/0000-0002-4990-0929 Rösler, P. https://orcid.org/0000-0002-2324-5671
Editors:	Agrawal, S. Lin, D.
Copyright, Publisher and Additional Information:	© 2022 International Association for Cryptologic Research . This is an author-produced version of a paper subsequently published in Lecture Notes in Computer Science. Uploaded in accordance with the publisher's self-archiving policy.
Keywords:	RKE; CKE; Ratcheted key exchange; Continuous key exchange; Anonymity; Secure messaging; State exposure; Post-compromise security
Dates:	Published: 25 January 2022 Published (online): 24 January 2023 Accepted: 27 September 2022
Institution:	The University of Sheffield
Academic Units:	The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield)
Depositing User:	Symplectic Sheffield
Date Deposited:	24 Mar 2023 16:04
Last Modified:	24 Jan 2024 01:13
Status:	Published
Publisher:	Springer Nature Switzerland
Series Name:	Lecture Notes in Computer Science
Refereed:	Yes
Identification Number:	10.1007/978-3-031-22969-5_5
Open Archives Initiative ID (OAI ID):	oai:eprints.whiterose.ac.uk:197704

CORE (COnnecting REpositories)

Strongly anonymous ratcheted key exchange

Abstract

Metadata

Download

Accepted Version

Export

Statistics