Understanding and Constructing AKE via Double-Key Key Encapsulation Mechanism
Paper i proceeding, 2018

Motivated by abstracting the common idea behind several implicitly authenticated key exchange (AKE) protocols, we introduce a primitive that we call double-key key encapsulation mechanism (2-key KEM). It is a special type of KEM involving two pairs of secret-public keys and satisfying some function and security property. Such 2-key KEM serves as the core building block and provides alternative approaches to simplify the constructions of AKE. To see the usefulness of 2-key KEM, we show how several existing constructions of AKE can be captured as 2-key KEM and understood in a unified framework, including widely used HMQV, NAXOS, Okamoto-AKE, and FSXY12-13 schemes. Then, we show (1) how to construct 2-key KEM from concrete assumptions, (2) how to adapt the classical Fujisaki-Okamoto transformation and KEM combiner to achieve the security requirement of 2-key KEM, (3) an elegant Kyber-AKE over lattice using the improved Fujisaki-Okamoto technique.

Key encapsulation mechanism

Authenticated key exchange

CK model


Haiyang Xue

Chinese Academy of Sciences

Xianhui Lu

Chinese Academy of Sciences

Bao Li

Chinese Academy of Sciences

Bei Liang

Chalmers, Data- och informationsteknik, Nätverk och system

Jingnan He

Chinese Academy of Sciences

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 11273 LNCS 158-189

24th Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2018
Brisbane, Australia,


Algebra och logik





Mer information

Senast uppdaterat