Abstract:
We propose a modular extended Canetti-Krawczyk (eCK) model, named meCK, in order to avoid the controversial random oracle assumption in the security proofs of authenticated key exchange (AKE) protocols. Our model treats an AKE protocol as the composition of a secret exchange module and a key derivation module, and formalizes the adversarial capabilities and security properties. By composing the security of these two modules, we obtain the modular model and prove that it is stronger than the original eCK model. With the help of the modular approach, an efficient AKE protocol named UPS is designed. UPS is provably meCK-secure assuming the existence of a pseudo-random function family and a target collision-resistant hash function family, and the hardness of the Gap Diffie-Hellman problem. Compared with related work in the standard model, UPS requires weaker and more standard cryptographic assumptions and reduces the number of group exponentiations by 50%–67%. Finally, the design and security proof of UPS validate the effectiveness of our model and solve an open problem from ProvSec09.