Skip to main content
SpringerLink
Log in

Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake

  • Conference paper
  • First Online:
Public-Key Cryptography – PKC 2022 (PKC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13178))

Included in the following conference series:

Abstract

The key exchange protocol that establishes initial shared secrets in the handshake of the Signal end-to-end encrypted messaging protocol has several important characteristics: (1) it runs asynchronously (without both parties needing to be simultaneously online), (2) it provides implicit mutual authentication while retaining deniability (transcripts cannot be used to prove either party participated in the protocol), and (3) it retains security even if some keys are compromised (forward secrecy and beyond). All of these properties emerge from clever use of the highly flexible Diffie–Hellman protocol.

While quantum-resistant key encapsulation mechanisms (KEMs) can replace Diffie–Hellman key exchange in some settings, there is no replacement for the Signal handshake solely from KEMs that achieves all three aforementioned properties, in part due to the inherent asymmetry of KEM operations. In this paper, we show how to construct asynchronous deniable key exchange by combining KEMs and designated verifier signature (DVS) schemes, matching the characteristics of Signal. There are several candidates for post-quantum DVS schemes, either direct constructions or via ring signatures. This yields a template for an efficient post-quantum realization of the Signal handshake with the same asynchronicity and security properties as the original Signal protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In contrast, a strong DVS scheme allows only the designated verifier to verify a signature by requiring the verifier’s secret key as input to the verification algorithm.

  2. 2.

    Note that we call Bob the responder in our model despite Bob outputting the first, asynchronous key exchange message. Based on the high-level protocol interaction, we deem it more natural to call Alice, who decides to initiate a Signal session with Bob, the initiator (in contrast to, e.g., [21, 79, 80]).

  3. 3.

    This is slightly stronger than what freshness condition 3 (b) demands. In the security result for our full \(\mathsf {SPQR} \) protocol (see Sect. 5), this is captured more precisely.

  4. 4.

    In our full \(\mathsf {SPQR} \) protocol (see Sect. 5), we will strengthen this case by having Bob use semi-static DVS keys. This limits the time window for a key-compromise impersonation (KCI) attack [8] against Bob, as in the Signal handshake [67, §4.6].

References

  1. Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 129–158. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_5

    Chapter  Google Scholar 

  2. Azarderakhsh, R., Jao, D., Leonardi, C.: Post-quantum static-static key agreement using multiple protocol instances. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 45–63. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_3

    Chapter  Google Scholar 

  3. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428

    Chapter  Google Scholar 

  5. Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 619–650. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_21

    Chapter  Google Scholar 

  6. Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. J. Cryptol. 22(1), 114–138 (2009)

    Article  MathSciNet  Google Scholar 

  7. Beullens, W., Katsumata, S., Pintore, F.: Calamari and Falafl: logarithmic (linkable) ring signatures from isogenies and lattices. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 464–492. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_16

    Chapter  Google Scholar 

  8. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447

    Chapter  MATH  Google Scholar 

  9. Boneh, D., et al.: Multiparty non-interactive key exchange and more from isogenies on elliptic curves. J. Math. Cryptol. 14(1), 5–14 (2020)

    Article  MathSciNet  Google Scholar 

  10. Bonnetain, X., Schrottenloher, A.: Quantum security analysis of CSIDH. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 493–522. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_17

    Chapter  Google Scholar 

  11. Bos, J., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, pp. 353–367 (2018). https://cryptojedi.org/papers/#kyber

  12. Boyd, C., Cliff, Y., Nieto, J.M.G., Paterson, K.G.: One-round key exchange in the standard model. IJACT 1, 181–199 (2009)

    Article  MathSciNet  Google Scholar 

  13. Boyd, C., Gellert, K.: A modern view on forward security. Comput. J. 64(4), 639–652 (2020)

    Article  MathSciNet  Google Scholar 

  14. Brendel, J., Fiedler, R., Günther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the Signal handshake. Cryptology ePrint Archive, Report 2021/769 (2021). https://eprint.iacr.org/2021/769

  15. Brendel, J., Fischlin, M., Günther, F., Janson, C., Stebila, D.: Towards post-quantum security for signal’s X3DH handshake. In: 27th Conference on Selected Areas in Cryptography (SAC) (2020)

    Google Scholar 

  16. Cai, J., et al.: ID-based strong designated verifier signature over \(\cal{R}\)-SIS assumption. Secur. Commun. Netw. 2019, 9678095:1-9678095:8 (2019)

    Article  Google Scholar 

  17. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28

    Chapter  Google Scholar 

  18. Canetti, R., Krawczyk, H.: Security analysis of IKE’s signature-based key-exchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_10

    Chapter  Google Scholar 

  19. Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. J. Cryptol. 25(4), 601–639 (2012)

    Article  MathSciNet  Google Scholar 

  20. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

    Chapter  Google Scholar 

  21. Cohn-Gordon, K., Cremers, C.J.F., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. In: IEEE European Symposium on Security and Privacy, EuroS&P 2017, pp. 451–466 (2017)

    Google Scholar 

  22. Cohn-Gordon, K., Cremers, C.J.F., Garratt, L.: On post-compromise security. In: CSF 2016 Computer Security Foundations Symposium, pp. 164–178 (2016)

    Google Scholar 

  23. Cremers, C., Feltz, M.: One-round strongly secure key exchange with perfect forward secrecy and deniability. Cryptology ePrint Archive, Report 2011/300 (2011). https://eprint.iacr.org/2011/300

  24. Dagdelen, Ö., Fischlin, M., Gagliardoni, T., Marson, G.A., Mittelbach, A., Onete, C.: A cryptographic analysis of OPACITY. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 345–362. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_20

    Chapter  Google Scholar 

  25. Damgård, I., Haagh, H., Mercer, R., Nitulescu, A., Orlandi, C., Yakoubov, S.: Stronger security and constructions of multi-designated verifier signatures. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12551, pp. 229–260. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_9

    Chapter  Google Scholar 

  26. de Kock, B., Gjøsteen, K., Veroni, M.: Practical isogeny-based key-exchange with optimal tightness. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 451–479. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_18

    Chapter  Google Scholar 

  27. de Saint Guilhem, C., Smart, N.P., Warinschi, B.: Generic forward-secure key agreement without signatures. In: Nguyen, P., Zhou, J. (eds.) Information Security. ISC 2017. LNCS, vol. 10599, pp. 114–133. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69659-1_7

  28. Derler, D., Ramacher, S., Slamanig, D.: Post-quantum zero-knowledge proofs for accumulators with applications to ring signatures from symmetric-key primitives. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 419–440. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_20

    Chapter  MATH  Google Scholar 

  29. Di Raimondo, M., Gennaro, R., Krawczyk, H.: Deniable authentication and key exchange. In: ACM CCS 2006, pp. 400–409 (2006)

    Google Scholar 

  30. Dobson, S., Galbraith, S.D.: Post-quantum signal key agreement with SIDH. Cryptology ePrint Archive, Report 2021/1187 (2021). https://eprint.iacr.org/2021/1187

  31. Dobson, S., Galbraith, S.D., LeGrow, J.T., Ti, Y.B., Zobernig, L.: An adaptive attack on 2-SIDH. Int. J. Comput. Math. Comput. Syst. Theor. 5(4), 282–299 (2020)

    Article  MathSciNet  Google Scholar 

  32. Dobson, S., Li, T., Zobernig, L.: A note on a static SIDH protocol. Cryptology ePrint Archive, Report 2019/1244 (2019). https://eprint.iacr.org/2019/1244

  33. Dodis, Y., Katz, J., Smith, A., Walfish, S.: Composability and on-line deniability of authentication. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 146–162. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_10

    Chapter  MATH  Google Scholar 

  34. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: ACM CCS 2015, pp. 1197–1210 (2015)

    Google Scholar 

  35. Ducas, L., Micciancio, D.: Improved short lattice signatures in the standard model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 335–352. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_19

    Chapter  MATH  Google Scholar 

  36. Duits, I.: The post-quantum Signal protocol: Secure chat in a quantum world. Master’s thesis, University of Twente (2019)

    Google Scholar 

  37. Esgin, M.F., Steinfeld, R., Liu, J.K., Liu, D.: Lattice-based zero-knowledge proofs: new techniques for shorter and faster constructions and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 115–146. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_5

    Chapter  Google Scholar 

  38. Esgin, M.F., Steinfeld, R., Sakzad, A., Liu, J.K., Liu, D.: Short lattice-based one-out-of-many proofs and applications to ring signatures. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 67–88. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_4

    Chapter  MATH  Google Scholar 

  39. Esgin, M.F., Zhao, R.K., Steinfeld, R., Liu, J.K., Liu, D.: MatRiCT: efficient, scalable and post-quantum blockchain confidential transactions protocol. In: ACM CCS 2019, pp. 567–584 (2019)

    Google Scholar 

  40. Fischlin, M., Mazaheri, S.: Notions of deniable message authentication. In: Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society, WPES 2015, Denver, Colorado, USA, 12 October 2015, pp. 55–64 (2015)

    Google Scholar 

  41. Freire, E.S.V., Hofheinz, D., Kiltz, E., Paterson, K.G.: Non-interactive key exchange. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 254–271. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_17

    Chapter  MATH  Google Scholar 

  42. Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 467–484. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_28

    Chapter  MATH  Google Scholar 

  43. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34

    Chapter  Google Scholar 

  44. Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 63–91. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_3

    Chapter  Google Scholar 

  45. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: 40th ACM STOC, pp. 197–206 (2008)

    Google Scholar 

  46. Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal’s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 410–440. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_15

    Chapter  Google Scholar 

  47. Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal’s handshake (X3DH): post-quantum, state leakage secure, and deniable. Cryptology ePrint Archive, Report 2021/564 (2021). https://eprint.iacr.org/2021/616

  48. Herranz, J.: Some digital signature schemes with collective signers. Ph.D. thesis, Universitat Politècnica de Catalunya, Barcelona (2005)

    Google Scholar 

  49. Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_13

    Chapter  Google Scholar 

  50. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2

    Chapter  MATH  Google Scholar 

  51. Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. In: ACM CCS 2018, pp. 525–537 (2018)

    Google Scholar 

  52. Kawashima, T., Takashima, K., Aikawa, Y., Takagi, T.: An efficient authenticated key exchange from random self-reducibility on CSIDH. In: Hong, D. (ed.) ICISC 2020. LNCS, vol. 12593, pp. 58–84. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-68890-5_4

    Chapter  Google Scholar 

  53. Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_33

    Chapter  Google Scholar 

  54. Kurosawa, K., Furukawa, J.: 2-pass key exchange protocols from CPA-secure KEM. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 385–401. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04852-9_20

    Chapter  Google Scholar 

  55. Laguillaumie, F., Vergnaud, D.: Designated verifier signatures: anonymity and efficient construction from any bilinear map. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 105–119. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30598-9_8

    Chapter  Google Scholar 

  56. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_1

    Chapter  MATH  Google Scholar 

  57. Li, B., Liu, Y., Yang, S.: Lattice-based universal designated verifier signatures. In: 2018 IEEE 15th International Conference on e-Business Engineering (ICEBE), pp. 329–334 (2018)

    Google Scholar 

  58. Li, Y., Schäge, S.: No-match attacks and robust partnering definitions: defining trivial attacks for security protocols is not trivial. In: ACM CCS 2017, pp. 1343–1360 (2017)

    Google Scholar 

  59. Li, Y., Susilo, W., Mu, Y., Pei, D.: Designated verifier signature: definition, framework and new constructions. In: Indulska, J., Ma, J., Yang, L.T., Ungerer, T., Cao, J. (eds.) UIC 2007. LNCS, vol. 4611, pp. 1191–1200. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73549-6_116

    Chapter  Google Scholar 

  60. Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_1

    Chapter  Google Scholar 

  61. Lu, X., Au, M.H., Zhang, Z.: Raptor: a practical lattice-based (linkable) ring signature. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 110–130. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_6

    Chapter  Google Scholar 

  62. Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_35

    Chapter  Google Scholar 

  63. Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_43

    Chapter  Google Scholar 

  64. Lyubashevsky, V., Neven, G.: One-shot verifiable encryption from lattices. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 293–323. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_11

    Chapter  Google Scholar 

  65. Lyubashevsky, V., Nguyen, N.K., Seiler, G.: SMILE: set membership from ideal lattices with applications to ring signatures and confidential transactions. Cryptology ePrint Archive, Report 2021/564 (2021). https://eprint.iacr.org/2021/564

  66. Marlinspike, M., Perrin, T.: The double ratchet algorithm (November 2016)

    Google Scholar 

  67. Marlinspike, M., Perrin, T.: The X3DH key agreement protocol (November 2016)

    Google Scholar 

  68. Noh, G., Jeong, I.R.: Strong designated verifier signature scheme from lattices in the standard model. Secur. Commun. Netw. 9, 6202–6214 (2017)

    Article  Google Scholar 

  69. Peikert, C.: He gives C-Sieves on the CSIDH. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 463–492. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_16

    Chapter  Google Scholar 

  70. Poettering, B., Rösler, P.: Towards bidirectional ratcheted key exchange. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 3–32. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_1

    Chapter  Google Scholar 

  71. Prest, T.: FALCON. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  72. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: 37th ACM STOC, pp. 84–93 (2005)

    Google Scholar 

  73. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32

    Chapter  Google Scholar 

  74. Saeednia, S., Kremer, S., Markowitch, O.: An efficient strong designated verifier signature scheme. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 40–54. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24691-6_4

    Chapter  Google Scholar 

  75. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: ACM CCS 2020, pp. 1461–1480 (2020)

    Google Scholar 

  76. Sheikhi-Garjan, M., Kiliç, N.G.O., Cenk, M.: A supersingular isogeny-based ring signature. Cryptology ePrint Archive, Report 2021/1318 (2021). https://eprint.iacr.org/2021/1318

  77. Steinfeld, R., Bull, L., Wang, H., Pieprzyk, J.: Universal designated-verifier signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 523–542. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_33

    Chapter  Google Scholar 

  78. Sun, X., Tian, H., Wang, Y.: Toward quantum-resistant strong designated verifier signature from isogenies. In 4th International Conference on Intelligent Networking and Collaborative Systems, pp. 292–296 (2012)

    Google Scholar 

  79. Unger, N., Goldberg, I.: Deniable key exchanges for secure messaging. In: ACM CCS 2015, pp. 1211–1223 (2015)

    Google Scholar 

  80. Unger, N., Goldberg, I.: Improved strongly deniable authenticated key exchanges for secure messaging. PoPETs 2018(1), 21–66 (2018)

    Google Scholar 

  81. Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12147, pp. 188–209. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57878-7_10

    Chapter  Google Scholar 

  82. Wang, F., Hu, Y., Wang, B.: Lattice-based strong designate verifier signature and its applications. Malays. J. Comput. Sci. 25, 11–22 (2012)

    Google Scholar 

  83. Wang, F., Hu, Y., Wang, B.: Identity-based strong designate verifier signature over lattices. J. China Univ. Post Telecommun. 21, 52–60 (2014)

    Article  Google Scholar 

  84. Yang, B., Yu, Y., Sun, Y.: A novel construction of SDVS with secure disavowability. Clust. Comput. 16(4), 807–815 (2013). https://doi.org/10.1007/s10586-013-0254-y

    Article  Google Scholar 

  85. Yuen, T.H., Esgin, M.F., Liu, J.K., Au, M.H., Ding, Z.: DualRing: generic construction of ring signatures with efficient instantiations. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 251–281. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_10

    Chapter  Google Scholar 

  86. Zaverucha, G., et al.: Picnic. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  87. Zhang, Y., Liu, Q., Tang, C., Tian, H.: A lattice-based designated verifier signature for cloud computing. Int. J. High Perform. Comput. Netw. 8, 135–143 (2015)

    Article  Google Scholar 

Download references

Acknowledgements

We thank Shuichi Katsumata and the anonymous reviewers of PKC 2022 for the helpful comments. Furthermore, we also thank anonymous reviewers who pointed out a flaw in our DVS constructions in an earlier version of this paper.

R.F. was supported by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE. F.G. was supported in part by German Research Foundation (DFG) Research Fellowship grant GU 1859/1-1. C.J. was (partially) funded by the Deutsche Forschungsgemeinschaft (DFG) – SFB 1119 – 236615297. D.S. was supported by Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146.

Author information

Authors and Affiliations

  1. Technische Universität Darmstadt, Darmstadt, Germany

    Jacqueline Brendel, Rune Fiedler & Christian Janson

  2. ETH Zürich, Zurich, Switzerland

    Felix Günther

  3. University of Waterloo, Waterloo, Canada

    Douglas Stebila

Authors
  1. Jacqueline Brendel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rune Fiedler
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Felix Günther
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christian Janson
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Douglas Stebila
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jacqueline Brendel .

Editor information

Editors and Affiliations

  1. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan

    Goichiro Hanaoka

  2. Yokohama National University, Yokohama, Japan

    Junji Shikata

  3. The University of Electro-Communications, Tokyo, Japan

    Yohei Watanabe

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Brendel, J., Fiedler, R., Günther, F., Janson, C., Stebila, D. (2022). Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds) Public-Key Cryptography – PKC 2022. PKC 2022. Lecture Notes in Computer Science(), vol 13178. Springer, Cham. https://doi.org/10.1007/978-3-030-97131-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-97131-1_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97130-4

  • Online ISBN: 978-3-030-97131-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation