A Commitment-based Authentication model for Key Exchange protocols
This work provides a theoretical framework for key exchange protocols that may not fit existing models, offering a modular alternative for cryptographers and protocol designers.
The authors propose a new security model for Authenticated Key Exchange built from commitment schemes and ephemeral information, which avoids exchanging long-term cryptographic material. They construct several protocols in this model, analyze their resistance to Man-in-the-Middle attacks over unauthenticated channels, and give practical instances for both Key Encapsulation Mechanism (KEM)-based and Key Agreement (KA)-based primitives.
In this work we construct an alternative model for Authenticated Key Exchange, intended as a theoretical security framework for protocols whose characteristics do not always match the assumptions of existing models for authenticated exchanges. The model is built in a modular way from the notion of commitment schemes and relies on ephemeral information, which avoids the exchange of long-term cryptographic material. From this model we propose a number of commitment-based protocols for establishing a shared secret between two parties and study their security over unauthenticated channels: we formalize, under the model, both the security of each protocol itself and its robustness against Man-in-the-Middle attacks. The protocols are constructed from Key Agreement (KA) and Key Encapsulation Mechanism (KEM) primitives, to show that the model applies to both established and newer paradigms. We highlight the differences that arise naturally from the nature of KEM constructions, both in the protocol flow and in the types of attacks the protocols are exposed to. Finally, we provide practical protocol instances, for both KEM-based and KA-based primitives, that implementers can migrate to.
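The abstract describes the building blocks (a commitment scheme, ephemeral key material, a Man-in-the-Middle analysis over an unauthenticated channel) without giving a protocol. The following is an added example written for this page, not a protocol from the paper: a generic commit-then-reveal ephemeral Diffie-Hellman exchange in which the initiator commits to its share before the responder reveals its own, followed by a relaying Man-in-the-Middle run. The protocol shape, the SHA-256 hash commitment, the RFC 2409 1024-bit MODP group (used only because it is short enough to embed) and the out-of-band comparison of a short confirmation tag are all assumptions of the example; the abstract does not say how its protocols detect a Man-in-the-Middle.

```python
"""Commit-then-reveal ephemeral key exchange with a man-in-the-middle run.

Added example for illustration, not a protocol from the paper. The protocol
shape (initiator commits to its share, responder sends its share in the clear,
initiator opens), the SHA-256 commitment, the DH group and the out-of-band
confirmation tag are assumptions of this example.
"""
import hashlib
import secrets

# Assumption: 1024-bit MODP prime from RFC 2409 (Oakley group 2), embedded only
# because it is short; far too small for production use.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
PLEN = (P.bit_length() + 7) // 8            # 128 bytes per group element

def i2b(x: int) -> bytes:
    return x.to_bytes(PLEN, "big")

def H(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated, length-prefixed SHA-256 over all parts."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

# Commitment: hiding via the 256-bit random opening r, binding via SHA-256.
def commit(value: bytes) -> tuple[bytes, bytes]:
    r = secrets.token_bytes(32)
    return H(b"commit", value, r), r

def open_commitment(c: bytes, value: bytes, r: bytes) -> bool:
    return secrets.compare_digest(c, H(b"commit", value, r))

# KA primitive: ephemeral Diffie-Hellman in the group above.
def ka_keygen() -> tuple[int, bytes]:
    x = secrets.randbelow(P - 2) + 1
    return x, i2b(pow(G, x, P))

def ka_shared(x: int, peer_pub: bytes) -> bytes:
    return i2b(pow(int.from_bytes(peer_pub, "big"), x, P))

def derive(shared: bytes, gA: bytes, gB: bytes) -> tuple[bytes, bytes]:
    key = H(b"key", shared, gA, gB)
    tag = H(b"confirm", gA, gB)[:8]         # short tag compared out of band (assumption)
    return key, tag

class Initiator:
    def __init__(self):
        self.a, self.gA = ka_keygen()
        self.cA, self.rA = commit(self.gA)  # share is fixed before anything is seen

    def msg1(self) -> bytes:
        return self.cA

    def msg3(self, gB: bytes) -> tuple[bytes, bytes]:
        self.key, self.tag = derive(ka_shared(self.a, gB), self.gA, gB)
        return self.gA, self.rA             # opening of the commitment

class Responder:
    def __init__(self):
        self.b, self.gB = ka_keygen()

    def msg2(self, cA: bytes) -> bytes:
        self.cA = cA
        return self.gB

    def finish(self, gA: bytes, rA: bytes) -> None:
        if not open_commitment(self.cA, gA, rA):
            raise ValueError("opening does not match the commitment")
        self.key, self.tag = derive(ka_shared(self.b, gA), gA, self.gB)

def honest_run() -> bool:
    A, B = Initiator(), Responder()
    gB = B.msg2(A.msg1())
    B.finish(*A.msg3(gB))
    return A.key == B.key and A.tag == B.tag

def binding_check() -> bool:
    c, r = commit(b"share-1")
    return open_commitment(c, b"share-1", r) and not open_commitment(c, b"share-2", r)

def mitm_run() -> tuple[bytes, bytes, bool]:
    """M relays, playing Responder towards A and Initiator towards B. Every
    commitment opens correctly, so the messages alone reveal nothing; only the
    tag comparison does, and M cannot steer the two tags to coincide because
    each share was committed before the opposite share was seen."""
    A, B = Initiator(), Responder()
    M_as_A, M_as_B = Initiator(), Responder()
    cA = A.msg1()                           # intercepted; M sends its own commitment to B
    gB = B.msg2(M_as_A.msg1())
    gM = M_as_B.msg2(cA)                    # M's share towards A, fixed before A opens
    M_as_B.finish(*A.msg3(gM))              # M <-> A half-session completes
    B.finish(*M_as_A.msg3(gB))              # M <-> B half-session completes
    return A.tag, B.tag, A.key == B.key
```

In the honest run both sides derive the same key and tag; in the relayed run both half-sessions verify, the keys differ, and the two tags differ, which is what the out-of-band comparison catches. Note the structural point the abstract raises about KEMs: a KEM ciphertext is computed from the peer's public key, so a responder's ephemeral contribution cannot be produced, and thus cannot be committed to, before the initiator's message is seen, unlike the independent DH shares above. The paper's KEM-based protocols account for that asymmetry; the abstract does not say how.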