Lattice Based Group Key Exchange Protocol in the Standard Model

Group key exchange schemes allow group members to agree on a session key. Although there are many works on constructing group key exchange schemes, but most of them are based on algebraic problems which can be solved by quantum algorithms in polynomial time. Even if several works considered lattice based group key exchange schemes, believed to be post-quantum secure, but only in the random oracle model. In this work, we propose a group key exchange scheme based on ring learning with errors problem. On contrast to existing schemes, our scheme is proved to be secure in the standard model. To achieve this, we define and instantiate multi-party key reconciliation mechanism. Furthermore, using known compiler with lattice based signature schemes, we can achieve authenticated group key exchange with postquantum security.

Post-Quantum Constant-Round Group Key Exchange from Static Assumptions

We revisit a generic compiler from a two-party key exchange (KE) protocol to a group KE (GKE) one by Just and Vaudenay. We then give two families of GKE protocols from static assumptions, which are obtained from the general compiler. The first family of the GKE protocols is a constant-round GKE by using secure key derivation functions (KDFs). As special cases, we have such GKE from static Ring-LWE (R-LWE), where “static” means that the parameter size in the R-LWE does not depend on the number of group members, n, and also from the standard SI-DDH and CSI-DDH assumptions. The second family consists of two-round GKE protocols from isogenies, which are proven secure from new isogeny assumptions, the first (resp. second) of which is based on the SIDH (resp. CSIDH) two-party KE. The underlying new static assumptions are based on indistinguishability between a product value of supersingular invariants and a random value.

Compiled Constructions towards Post-Quantum Group Key Exchange: A Design from Kyber

A group authenticated key exchange (GAKE) protocol allows a set of parties belonging to a certain designated group to agree upon a common secret key through an insecure communication network. In the last few years, many new cryptographic tools have been specifically designed to thwart attacks from adversaries which may have access to (different kinds of) quantum computation resources. However, few constructions for group key exchange have been put forward. Here, we propose a four-round GAKE which can be proven secure under widely accepted assumptions in the Quantum Random Oracle Model. Specifically, we integrate several primitives from the so-called Kyber suite of post-quantum tools in a (slightly modified) compiler from Abdalla et al. (TCC 2007). More precisely, taking as a starting point an IND-CPA encryption scheme from the Kyber portfolio, we derive, using results from Hövelmanns et al. (PKC 2020), a two-party key exchange protocol and an IND-CCA encryption scheme and prove them fit as building blocks for our compiled construction. The resulting GAKE protocol is secure under the Module-LWE assumption, and furthermore achieves authentication without the use of (expensive) post-quantum signatures.