Research Article  Open Access
Deniable Key Establishment Resistance against eKCI Attacks
Abstract
In extended Key Compromise Impersonation (eKCI) attack against authenticated key establishment (AKE) protocols the adversary impersonates one party, having the long term key and the ephemeral key of the other peer party. Such an attack can be mounted against variety of AKE protocols, including 3pass HMQV. An intuitive countermeasure, based on BLS (Boneh–Lynn–Shacham) signatures, for strengthening HMQV was proposed in literature. The original HMQV protocol fulfills the deniability property: a party can deny its participation in the protocol execution, as the peer party can create a fake protocol transcript indistinguishable from the real one. Unfortunately, the modified BLS based version of HMQV is not deniable. In this paper we propose a method for converting HMQV (and similar AKE protocols) into a protocol resistant to eKCI attacks but without losing the original deniability property. For that purpose, instead of the undeniable BLS, we use a modification of Schnorr authentication protocol, which is deniable and immune to ephemeral key leakages.
1. Introduction
An authenticated key establishment (AKE) protocol enables two parties: the initiator (starting the protocol, usually called Alice) and the responder (usually called Bob) to mutually identify themselves and establish a secret shared session key, subsequently used to protect communication channel. The deniability property for AKE protocols [1, 2] guarantees that parties still can mutually verify their identities, but the transcript of the protocol cannot be regarded as a proof that the parties have executed the protocol together. We distinguish the initiator deniability and the responder deniability as the deniability feature can be achieved for each party independently. Deniability may be desirable in various privacy protecting scenarios where the proof of interaction should not be transferable; for example, clients of some Internet services might wish to have the right and real possibility of denying using the service.
Many general AKE schemes have been proposed so far; see, for example, MQV [3], HMQV [4], SIGMA [5], KEA+ [6], NAXOS [7], CMQV [8], SMQV [9], ENAXOS [10], Huang [11], or Kim et al. [12] with numerous additional modifications. Their security has been analyzed in many models, for example, CK [13], eCK [7], and seCK [9], under various attack scenarios. In Key Compromise Impersonation (KCI) attack scenario [14–16], an adversary, which obtained long term secrets of one party, say Alice, can execute AKE protocol with her, and impersonate her another party, say Bob, without using the long term secret of Bob. This attack is especially devastating when the correct identification is of the paramount importance. Imagine the attacker learning the long term key of a bank. Now, the attacker not only can play a role of the bank to any identity (which is obvious), but also can be authenticated as any identity in front of that bank, for example, can be authenticated to the account of some very rich person and subsequently order the money transfer from that loggedin account to his own.
In [17] Tang and Chen proposed a new impersonation attack type on AKE protocols called extended KCI (eKCI). In this attack, the adversary has access not only to Alice’s long term secret, but also to her ephemeral secret, for example, the ephemeral DiffieHellman key. With the knowledge of both these keys it can impersonate any party to Alice. This new kind of attack can be mounted against protocols already proven to be secure for regular KCI attacks, for example, NAXOS secure in the extended CanettiKrawczyk model. In [17] authors exemplified the eKCI attack against HMQV protocol [4]. Subsequently they proposed an intuitive and elegant countermeasure based on BLS signatures [18]: in the rest of the paper we refer to this solution by BLSHMQV.
From the design point of view BLSHMQV is a composition of original HMQV with another layer of authentication, done by the BLS signature scheme. In BLSHMQV, a party running the protocol sends to its peer an additional signature over some challenge depending on previous messages. The signature forms a proof of identity, since it can be produced only with the secret key corresponding to the certified public key of the signer. Unfortunately, there is one aspect of this solution which in some scenarios can be regarded as a serious drawback: signed messages in the protocol transcript may be used as undeniable proof for a third party where the communication with the signers took place. In this context the modification to HMQV proposed in [17] makes it resistant to eKCI, but at the same time the protocol loses its deniability property.
Therefore to achieve the deniability property altogether with the eKCI resistance, we follow twolayer architecture of BLSHMQV. However in our modified protocol (called mHMQV) we exchange the undeniable layer of BLS with the deniable layer of Schnorrlike protocol from [19]. Therefore our proposition mHMQV is deniable like original HMQV and is eKCI resistant like BLSHMQV, with its twolayer composition.
As a final remark we recall that secrecy and fairness of values generated by both parties rely on the internal implementation of pseudorandom number generator algorithm, which itself may utilize hardware based randomness or external environmental sources. One of the most comprehensive recommendations for such algorithms can be found in [20]. However note that even algorithms approved for scientific simulations [21], with super long periods, like [22], must be specially tuned for cryptographic purposes [23]. A practical construction for using external source of randomness in AKE protocol, resembling the common reference string model, is given in [24]. Secrecy of values gained in this way can be compromised if an adversary captures the measurements of the external source as well. An example countermeasure for that problem, which uses distributed leader election for selecting a random source of data, was proposed in [25]. As for the internal hardware sources of randomness, the promising approach of using physically unclonable functions is also considered, for example, [26, 27]. Such hardware functions rely on micro differences of the used material and characteristics of processes in production phase, which—as unpredictable and unrepeatable even for the device manufacturer—guarantee the uniqueness of the final results.
1.1. Contribution and Organization of the Paper
The contributions of the paper are the following.
(i) Undeniability of BLSHMQV. We show that BLSHMQV protocol from [17], which is BLS based modification of HMQV, although resistant to eKCI is no longer deniable.
(ii) Proposition of mHMQVeKCI as Resistant and Deniable. This is the main contribution. We propose an extension to HMQV (applicable to similar 2party protocols) which protects against the eKCI attack and which does not destroy the protocol deniability property: for the initiator and subsequently for the responder. We use for that purpose the modified Schnorr identification scheme [19], which is secure even if the ephemeral secrets of parties are compromised. To the best of our knowledge it is the first proposition of this kind for AKE protocols so far.
(iii) Prototype Implementation. To compare the complexity overhead for deniability and eKCI resistance, we implemented prototypes of HMQV, the BLS based scheme (BLSHMQV), and our deniable proposition mHMQV.
1.2. Previous Work
In Table 1 we give the comparison showing the eKCI resistance and deniability feature of the majority of AKE protocols, alongside level of complexity (based on required computational effort for used operations) and number of rounds. Note that eKCI resistance in [11, 17, 31] is provided by undeniable signature scheme that is used to identify the parties to each other. In the case of [11, 17] BLS signatures are used: we call these protocols “without NAXOS” and “BLSHMQV,” respectively. We observe and stress here that the scheme of [11] does not withstand repetition attack in the setup of eKCI. Namely, after the protocol execution between parties and (with the knowledge of the transcript), an adversary can later impersonate in front of if long term and ephemeral secrets of are leaked during the new sessions (and vice versa). Therefore we put “!” instead of “” in the table. Finally we denote the protocols we proposed in this paper by “mHMQV.”

Beside the typical protocols, securing the session key against the combinations of secrets leakages, comparable in terms of the exponentiation operations for DiffieHellman based key exchange and listed in Figure 1, there are schemes that address additional requirements and adversarial assumptions. The AKE schemes in identitybased setup using elliptic curves were analyzed, for example, in [32, 33]. Those 2round schemes are still vulnerable to eKCI attacks (actually the first one does not withstand the regular KCI as well). Authors of [34] proposed a ring signature based scheme, useful for vehicles key exchange and authentication. Note that they use idea close to one already presented in [2]. However, as it was signaled in [2], the ring signature based authentication makes the schemes vulnerable to KCI and eKCIadversary knowing the peer long term key can impersonate other parties to that peer. In [35] the lattice based HMQV version for postquantum era was proposed. The proposition exchanges the cryptographic building blocks, preserving the construction design, but as the original version, it is still eKCI vulnerable. It is an interesting open question how this particular postquantum HMQV construction can be improved, as the modification based on [19] proposed in our paper is also vulnerable to quantum attacks. There are also approaches for a partial leakage of cryptographic material and bad randomness. The security model assuming partial leakage of bits of secret keys was analyzed in [36]; however the proposed solution is based on the signatures and as so is undeniable. The next solution from [37], addressing similar problem, results in 2round protocol which still is not eKCI resistant. Another 2round protocol from [38], addressing the “bad randomness” problem for pseudorandom number generators in user devices, is also not eKCI resistant. Another AKE construction, secure without ROM under the hardness of integer factorization problem, codebased problems, or learning with errors problems, was proposed in [39]. Note that this proposition also is not secure to aKCI attacks. In [40] the authors analyzed security model with the adversary registering arbitrary bit strings as keys. They showed generic results for protocols that achieve security even if some keys have been produced maliciously in this way. However this also does not solve the eKCI resistance for typical protocols; for example, the strengthened version of CMQV presented there is still eKCI vulnerable.
To the best of our knowledge the problem of construction of an AKE protocol, both deniable and withstanding eKCI, as stated in Section 1.1, is still open in literature, since the original eKCI introduction in [17]. Please note, additionally, that in the context of immunizing AKE protocols to eKCI attacks, the construction [41], which follows up the paper [19] and is a modification of Okamoto identification scheme, can be also taken into consideration as the authentication layer: as it is deniable and resistant to ephemeral values leakage and setup.
Organization of the Paper. The paper is organized in the following way. In Section 2.2 we recall the HMQV protocol and discuss its deniability property. In Section 3 we recall the eKCI attack on HMQV and the defense method proposed in [17]. We discuss how that approach breaks the deniability of the original HMQV. In Section 4 we propose a solution to the eKCI attack on HMQV based on the modified Schnorr authentication protocol from [19]. We recall the original Schnorr authentication protocol, discuss its deniability property, and show that it is inadequate in setups where the ephemeral keys can be leaked. Then we propose using its modified version to get initiator deniability. Subsequently we show how the protocol can be modified further to achieve the responder deniability. We prove the security of our claims. In Section 6 we discuss the proofofconcept implementation of our protocols.
2. Preliminaries
2.1. Notation
Presented AKE protocols are based on DiffieHellman (DH) key exchange, so we assume that corresponding computations are done within a group of prime order , where computational DiffieHellman assumption (CDH) holds.
Let (denotes initiator called Alice) and (denotes responder called Bob) be two peer parties of the key exchange protocol . Alice as initiator is the party which starts (sends the first message) the protocol . Bob is the other party. Let and denote pairs of long term secret/public keys of Alice and Bob, respectively, randomly chosen according to the key generating algorithm. Usually, apart from the long term keys, each party in protocol coins additional random secret key, called ephemeral key, used in computation during protocol execution. Let , denote ephemeral keys of Alice and Bob, respectively. Thus denotes the protocol run between the initiator (Alice) having the secret key , the ephemeral key , and the public key of Bob and the responder (Bob) having the secret key , the ephemeral key , and the public key of Alice.
Typical requirements after the authenticated key establishment protocol
is completed (i.e., after both parties finished their computations successfully) are the following:(i)Both parties mutually identified themselves. We denote that initiator speaks with responder of identity Bob. Bob knows he speaks with Alice.(ii)Both parties have computed the same session key.(iii)The session key is secret; that is, it is known only to the parties of the protocol.
The eKCI attack proposed in [17] affects the first requirement. Intuitively we demand that each party should use its secret key to perform the protocol and be accepted by its peer party. In eKCI attack the adversary can use the peer party secret to impersonate another party.
Definition 1. One says that AKE protocol is eKCI vulnerable if there exists an efficient adversary algorithm such that at least one of the probabilities is nonnegligible.
Remark 2. In the first event denotes the adversary which possesses Alice’s secrets but does not have Bob’s long term secret key . It is identified falsely by Alice as Bob. Similarly in the second event denotes the adversary which possesses Bob’s secrets but does not have Alice’s long term secret key . It is identified falsely by Bob as Alice. Note that this reflects the scenario in which a hacker, knowing secrets of the bank, can impersonate any user in front of that bank, subsequently ordering malicious money transfers on behalf of this user.
Deniability Model. In this point we recall the deniability model from [1], which is applicable to authenticated key establishment protocols.
Definition 3. One says that is a concurrently deniable key establishment protocol with respect to the class AUX of auxiliary inputs if, for any adversary , for any input of public keys and any auxiliary input , there exists a simulator that, running on the same inputs as , produces a simulated view which is indistinguishable from the real view of . That is, consider the following two probability distributions, where is the set of public keys of the honest parties: then for all probabilistic polytime machines Dist and all
We say that the protocol is initiator deniable if there exists the simulator , denoted as , that running on the same inputs as Bob (and without Alice’s secret key) can provide Alice’s part of the protocol. That is when Bob can simulate the whole transcript itself. Conversely, we say that the protocol is responder deniable if there exists the simulator , denoted as , that running on the same inputs as Alice (and without Bob’s secret key) can provide Bob’s part of the protocol. That is when Alice can simulate the whole transcript itself.
2.2. Description of the 3Pass HMQV
Let us recall the 3pass protocol of the HMQV family from [4], which is proved to be secure against the standard KCI attacks. The two users Alice and Bob agree on a group of prime order , a generator of , a hash function , and a message authentication code function . Alice selects her long term private key at random and lets the trusted third party (TTP) certify the public key . Similarly, Bob selects his long term private key and lets the TTP certify the public key . The protocol is shown in Figure 1. The values and are defined as follows: where outputs the first bits of the input of the hash function , and is a security parameter. Note that = = = = = = . Thus the values and the secret session key computed independently on both sides are the same.
2.3. Deniability of HMQV
Theorem 4. HMQV is initiator deniable.
Proof. We show that the protocol is initiator deniable as Bob can produce the transcript of the protocol execution alone, but with the same probability distribution as it would be produced altogether with Alice. Namely, the simulator (run with Bob’s input) chooses and computes and the rest of parameters , , , which does not require Alice’s secret key . Observe that for he does not apply the derivations from the protocol (the private key of Alice would be necessary). Instead, he makes use of the equality = .
It follows that a transcript cannot be regarded as a proof that Alice participates in the protocol execution. Similarly we state the following.
Theorem 5. HMQV is responder deniable.
Proof. It is analogical to the proof of Theorem 4. Alice can produce the transcript alone: (run with Alice’s view and input) chooses and computes and the rest of parameters , , , which does not require Bob’s secret key .
2.4. eKCI Attack on the 3Pass HMQV
We recall the original eKCI attack on HMQV from [17]. Suppose that an adversary has access to and and mounts an attack against Alice. After obtaining the first message the adversary computes = = . This equals . Then it computes the rest of parameters on Bob’s side and sends them to Alice, impersonating in this way itself as Bob. Note the fact that the computation of does not require the knowledge of . It is straightforward to verify that , and the adversary always succeeds in the attack.
3. Prevention of the Attack: Undeniable Version
Let us recall the method from [17] protecting against the eKCI attack. The idea is that the users (Alice and Bob) should mutually demonstrate the knowledge of their long term private key to each other. The authors propose the use of deterministic BLS signature scheme [18]. We denote the resulting protocol as BLSHMQV. The construction of that protocol is very intuitive: It can be viewed as twolayer approach:(i)The first layer is the original HMQV.(ii)The second layer includes the BLS signatures over the parameters of the HMQV protocol (parties identifiers, messages). Indeed any adversary algorithm that would break eKCI resistance of BLSHMQV, that is, would impersonate one party by means of anything but the long term secret key (e.g., the other party parameters) would be immediately used to break unforgeability of BLS signature scheme.
3.1. BLSHMQV
First let us briefly recall the BLS scheme. Let , be groups of a prime order and be a generator of . Let . We assume that is a bilinear map, and a signer holds a private/public key pair , where . For a message , the signature generation and verification procedures are as follows:(1)The signer computes a signature , where .(2)The verifier checks whether = . If so, the signature is accepted.
The BLSHMQV based solution to the eKCI attack on HMQV is depicted in Figure 2. We follow the notation from [17]. The important part of the protocol extension computed on the responder side is boxed. Similarly respective computations on the initiator side are underlined.
3.2. Loosing Deniability
Although BLSHMQV is resistant to eKCI attack, we observe that the protocol depicted in Figure 2 is not initiator deniable.
Theorem 6. The BLSHMQV protocol depicted in Figure 2 is not initiator deniable.
Proof. Indeed, in order to produce a simulated transcript indistinguishable from the original one, a simulator (run with Bob’s input and without the knowledge of Alice’s secret key ) would have to create a verifiable signature . So it would be used as an efficient forger for the underlying BLS scheme, contradicting BLS security.
Corollary 7. The BLSHMQV protocol in not responder deniable due to the similar reasoning.
4. Our Proposition: Deniable Prevention to eKCI Attack
In this section we propose the deniable version of the solution to eKCI attack. It is based on exchanging the undeniable BLS layer from BLSHMQV with the deniable identification (IS) scheme, for example, Schnorr IS. To illustrate the idea of the construction we first show the initiator deniable solution based on the Schnorr identification protocol [42]. Next we observe that this particular solution is imperfect in systems where the ephemeral secrets may be leaked: the security of the long term key relies on the security of the ephemeral key; thus once the ephemeral secrets are leaked the long term secrets are also compromised.
4.1. The Basic Schnorr Based Imperfect Solution
Let us recall the Schnorr identification protocol from [42].
Schnorr Identification Protocol. Let be a group of prime order and be a generator of . Suppose that an authenticator possesses the certified private/public key pair , and a verifier already knows the public key .(1)The authenticator computes , and sends to the verifier.(2)The verifier choses and sends it to the authenticator.(3)The authenticator computes and sends to the verifier.(4)The verifier accepts the verification iff .
The initiator deniable version of the protocol from Figure 2 augmented with the Schnorr identification protocol is presented in Figure 3. The hash function effectively produces challenge computed from , which itself contains coined at Bob’s side.
Deniability of the Basic Schnorr Based Solution. To prove the deniability of the protocol (Figure 3) for Alice it suffices to show the construction of the efficient simulator that produces the protocol transcript without the knowledge of Alice’s secret . Indeed such a simulator exists: Bob simulates the messages of Alice with the distribution indistinguishable from the original one:(1)Bob chooses randomly .(2)Bob computes . Thus , although Bob does not know the value .(3)Having and Bob computes the rest of the parameters and protocol messages: , , are computed by Bob alone from his secrets; is computed as , where values on both sides are equal; hence . Thus he produces the transcript which has the same distribution as the original transcript that would be produced altogether with Alice.Note that message computed on Alice’s side does not contain . Otherwise it would be impossible to compute for . Indeed, this trick was used to provide deniability of PACE∣AA protocol from [43].
Imperfection of the Basic Schnorr Based Solution. The solution is imperfect in scenarios where ephemeral keys can be leaked. If the ephemeral secret is known to the adversary, it can compute Alice’s long term secret and impersonate her since then. Therefore in the next section we propose using the secure version from [19].
4.2. Prevention of the Attack: Secure Deniable Solution
Modified Schnorr Identification Protocol from [19]. The idea of that protocol is to perform response computation in the exponent using a new generator . Let recall the steps:(1)The authenticator computes , and sends to the verifier.(2)The verifier computes a challenge and sends it to the authenticator.(3)The authenticator computes , and sends to the verifier.(4) The verifier accepts the verification iff .
Note that we do not require the intermediate computation of . Such intermediate values can be leaked in some scenarios and together with the leaked ephemerals can be used to compromise the long term keys. The modified HMQV protocol which uses the above technique for initiator is depicted in Figure 4. We denote the protocol as mHMQV1.
Deniability of the Modified Schnorr Based Solution. The initiator deniability property is preserved. We state the following.
Theorem 8. The mHMQV1 protocol depicted in Figure 4 is initiator deniable.
Proof. We have to show how the simulator (with Bob’s view) would produce the transcript , , , , , which has exactly the same distribution as the transcript produced by two parties Alice and Bob together. The simulator computes values , , , , , , where in the following way: It computes everything in the generator first. It takes , and randomly computes , = , and . Afterwards it is able to compute the commitment of the first message = = accordingly (as in the example from Section 4.1). , , are computed by Bob alone from his secrets as in HMQV. is computed as , because values on both sides are equal as . Then it computes . Note that it does not need to compute : this value is not a part of the transcript. Therefore the resulting transcript has exactly the same distribution as the transcript computed by Alice and Bob together.
Proving of Interaction for Initiator. Note that in the initiator deniable version of the protocol mHMQV1 in Figure 4 the transcript could have been produced by Bob alone, or together by Alice and Bob really interacting with each other. Therefore the simple trick can be made by Alice to have a proof of interaction. She simply has to remember as the commitment to the value she uses in the first message. Usually ephemeral values are deleted once they are not needed anymore. However Alice may record the ephemeral value and produce it in front of the judge to prove that the transcript, and particularly , was not computed by Bob’s simulation. Indeed if Bob is to present he will have to break DLP problem for . Still, if Alice does not store , then no algorithm can tell if the transcript was the result of the protocol interaction or Bob’s simulation.
Achieving Responder Deniability. The deniability of the responder also can be achieved; however it requires a slight modification of the protocol. The mechanism is symmetrical. The procedures of Bob mimic/reflect the behavior of Alice: this also requires an additional message from Bob at the end (so 4 messages in total). Note that storing values and enables Alice and Bob to prove the interaction according to reasoning from Section 4.2.
We state that the modified protocol depicted in the Figure 5 provides deniability for both Alice and Bob:(i)The transcript can be simulated by the responder alone (Alice deniability).(ii)The transcript can be simulated by the initiator alone (Bob deniability). We call the protocol mHMQV2. It is deniable for both the initiator and the responder.
Theorem 9. The mHMQV2 protocol depicted in Figure 5 is “initiator deniable.”
Proof. Essentially it is as the proof of Theorem 8. The only difference is that the value is computed by the simulator as and included in the last fourth message (not in the second).
Theorem 10. The mHMQV2 protocol depicted in Figure 5 is “responder deniable.”
Proof. Analogically it is as above. The simulator for the responder, with Alice’s secrets, produces the transcript , , , , , , where = should be equal to for = : It starts with and uniformly at random, computes = , and sets = , and = . Then it computes = as . is computed as , because values on both sides are equal as . The parameters , can be easily computable with the input of Alice. Subsequently it computes = .
5. Key Security and eKCI Resistance
In this point we discuss the security aspects of the proposed modification.
(i) Ephemeral Key Leakage Does Not Compromise Long Term Keys. This addresses the problem with the regular Schnorr authentication signalized in Section 4.1.
(ii) eKCI Resistance. The mHMQV protocols, extended with the proposed modification of Schnorr identification scheme, are resistant against eKCI attack, that is, are immune against impersonation attacks of the adversary authenticator which learns both the long term key and the ephemeral key of the verifier.
(iii) Session Key Security. The resulting protocol mHMQV still fulfills the session key security of the original unmodified version. In other words, the proposed modifications do not affect and impair the original AKE security.
The following theorem states that leakage of authenticator’s ephemeral secret gives no advantage to the adversary whose goal is to extract the long term key.
Theorem 11. No adversary can extract the long term secret key of the authenticator given public parameters, transcript of the protocol, and the ephemeral secret of the authenticator.
Proof. The proof is by contradiction. W.l.o.g. let the authenticator be Alice, whose ephemeral key is leaked. Now suppose that some algorithm , when given the public parameters , transcript of the protocol , , , , , , and the ephemeral secret of Alice , outputs Alice’s long term secret in nonnegligible probability. Then we can use it as a subprocedure to break the DLP problem for a given value, say , for unknown . We have to prepare the input for , including as public key of Alice, and , as it would be computed by corresponding Alice’s secret key . We set up the system in which is the public key of Alice and a random is her ephemeral key. We simulate the transcript which would be indistinguishable from the real one. Hence we know and we can compute . Values , , , are also easily computable. The only problem here is to produce the suitable . Indeed in ROM we program as for randomly chosen . Then we compute , which equals = = . Then verification holds: = , and we obtain a perfect simulation in ROM. Now we treat the value output from as the discrete logarithm of .
5.1. eKCI Resistance of mHMQV1 and mHMQV2
The eKCI resistance requires that the attacker cannot launch the impersonation attack, even if(1)the attacker knows the long term key of the verifier,(2)the ephemeral key of the verifier, after it is coined, is also leaked to the attacker as soon as it is coined. The attacker is required to possess and use the secret key corresponding to the public key of the authenticator with identity ID, to be positively verified and accepted with this identity ID.
Remark 12. It is of the paramount importance, here, to strictly follow the protocol scheduled steps and implement the protocol in the designed order. Indeed, if the verifier carelessly changes the protocol schedule and prepares the challenge before the very first step of the protocol (before receiving the commitment message ) and if the ephemeral is leaked to the attacker before the first message, then it possible to impersonate any ID, say with public key , but without corresponding secret . In this case the attacker follows the simulator : it starts with random and the leaked computes , = , and . Then it computes = as . Subsequently it computes . Then in the first message it sends to Bob precomputed and later on after receiving it sends back precomputed , impersonating itself in this way to Bob.
Theorem 13. No adversary can authenticate as Alice in front of responder without the knowledge of the secret key “” corresponding to public in mHMQV1 and mHMQV2 protocols.
Proof.
(1) Reduction to Security of ModSchnorr [19]. The proof is an immediate consequence of the security of the modSchnorr identification scheme: any attacker that would impersonate Alice without her keys in mHMQV1 and mHMQV2 protocols would be used to break the underlying security of the modSchnorr identification scheme [19]. Conversely assume that there is an effective adversary that impersonates Alice, without her secret key , in front of Bob in mHMQV1 protocol with nonnegligible probability. We use that adversary as a subprocedure to break modSchnorr in the following way: We play the role of Bob for . After obtaining from we forward it to our challenger as the first message. Then after obtaining from our challenger we compute the values on Bob’s side and send the second message to . Now after the adversary issues an oracle query we set in ROM table return value . After outputs we forward it as the third message to our challenger. Note that if is successfully accepted in mHMQV1 then it is also accepted in modSchnorr.
(2) Reduction to CDH. Below we show how that adversary can be used to break the instance of the underlying CDH problem, as in original paper [19]. Suppose the adversary plays Alice in front of Bob without the knowledge of her secret key and is accepted. We give the adversary the secret key of Bob. Note that Bob’s ephemeral key can only be given (leaked to the adversary only ASAP after it is created on Bob’s side). Since then is another representation of the challenge . We set up the system for with as the public key of Alice. Then we use a rewinding technique (as in regular Schnorr identification): we fix the random value used in by the algorithm and let interact twice with Bob, choosing each time a different random , say and . These will result with and accordingly. Note that on ’s query to we answer with the value . If Bob accepts both times we have and . Thus we have = , so we can compute = .
Theorem 14. No adversary can be authenticated as Bob in front of Alice without the knowledge of the secret key corresponding to public in mHMQV2 protocol.
Proof. The proof is similar to the proof of Theorem 13. We omit it to save the space.
As a simple conclusion from Theorems 13 and 14 we state the following.
Corollary 15. The protocols mHMQV1 and mHMQV2 are resistant to eKCI attacks.
Now we address the security of the session key. This refers to the requirement that the session key established by the parties in the course of the protocol execution is known only to those parties. Usually the security model for the session key defines the socalled session key security game, in which the attacker is allowed to issue queries to various oracles, about the long term keys, and ephemeral keys of both parties. Usually the attacker is allowed to issue any combination of such queries, except those which would trivially reveal the session key. Eventually the attacker should not be able to distinguish whether the testkey, it was given, is the real established session key or some unrelated random value. However if it does distinguish that, with nonnegligible probability, it wins the security game, and the protocol is considered broken.
5.2. Session Key Security
To show the session key security we follow the same approach as in [17]. It is based on the actual HMQV security proven in [44]. Now observe that extension from [17] that immunes HMQV against eKCI only adds BLS layer for authentication purposes and does not affect the underlying session key security of HMQV. We follow the same approach. We want to show that our modifications do not spoil the session key security of the original HMQV. Our modified version adds some additional computation on each side, providing extra deniable authentication steps, against eKCI attack. This extra computation does not affect the session key security of the original HMQV. We take for granted that HMQV is “sessionkeysecure”; that is, no adversary can learn the session key for the completed session between uncorrupted parties (refer [45] for proof of that in CanettiKrawczyk model). Note that these extra computations can be easily simulated in ROM. Thus the execution of original HMQV can be easily transformed in execution of our mod versions. Now any attacker breaking the session key security of mHMQV could be used to break the session key security of org HMQV. We state the following.
Theorem 16. If the original AKE protocol is “sessionkeysecure,” then the modified protocol, extended with the authentication method proposed in Section 4.2, is also “sessionkeysecure” assuming programmable random oracle model.
Proof. The proof is by contradiction. Assume that there exists an efficient adversary algorithm that breaks the security of the modified protocol. We can use it as a subprocedure, to build the adversary algorithm , which breaks the session key security of the original “unmodified” protocol. Observe that each oracle query from can be served by via forwarding question and answers to/from corresponding oracles for org protocol. The only exception is queries concerning values and . These however can be easily simulated in ROM: for we set for some random and compute = as (for we simulate similarly). This way we transform the transcript of the original protocol “org” into the transcript of the modified protocol “mod.” Now any answer from concerns the session key we output as the answer of . If wins the session key security game for mod, then also wins the security game for org. This would contradict assumption about session key security of org protocol.
6. Performance
Each of the proposed modifications of the scheme strengthens its security but requires performing certain amount of additional computations, which should be expected to affect the overall performance of the protocol. We implemented the basic scheme (3pass HMQV), the BLS based scheme (BLSHMQV), the basic Schnorr based imperfect modification (mHMQV0), the modified Schnorr based initiator deniable version (mHMQV1), and the modified Schnorr based fully deniable version (mHMQV2) in order to measure how much do the proposed improvements extend the execution time of the protocol.
6.1. Implementation
Our implementations have been created using Python 3 with the Charm Crypto library [46], a commonly used opensource cryptographic toolbox providing methods to perform operations on elliptic curves, including bilinear pairings and hashing and the timeit for measuring the average execution times. All computations are performed on the same NISTapproved symmetric elliptic curve with a 512bit base field [47]. In order to measure nothing but the time of computations strictly related to the schemes, each implementation is created as a single program, where the two parties are simulated by interweaving methods.
6.2. Results
Average execution time for each protocol has been measured by running 1000 full rounds of each version on a Ubuntu 12 virtual machine with Intel i7 2.5 GHz and 8 GB RAM. The acquired results are presented in Table 2. As it was expected, each modified version of the protocol is 4 to 8 times slower than the original one. This is intuitively selfexplained: each subsequent modification requires additional computing hashes and bilinear pairings.

As a first step in assessing which modifications affect the execution time of the protocols, we had to measure the execution times for every building block operation used in the protocol. The results can be seen in Table 3. It emerges that the bilinear pairing operation, crucial for our modifications, requires relatively much computational power. However, to better assess the protocols, we have measured how much time is taken for the most complex building blocks, as it has to be noticed that each of them may be used multiple times in a single protocol round.

A detailed assessment of time complexity for every protocol version has been presented in Table 4. It depicts how much time in the protocols is consumed by computing bilinear pairings, hashes, and modular exponents (ModPow operations). One can easily notice that the longer execution time in the modified versions resulted mostly from usage of bilinear pairings. One should take it into consideration while implementing these schemes, as some hardware enhancements could possibly improve the performance of the pairing routines and, as a result, the entire protocol.

Nevertheless, it has to be pointed that the average execution time remains to be just several milliseconds in all the cases, making any of the proposed modification applicable to implementation in realworld usage.
7. Conclusion
In this paper we extended the results from [17]. We observed that the solution from [17], protecting HMQV against the eKCI attack, destroys the deniability property of HMQV. Therefore, following the twolayer construction of [17], we exchange the undeniable BLS signatures layer, with the modified Schnorr identification scheme from [19] resistant to ephemeral key leakages. This way we immune HMQV against eKCI in such a way that the deniability property is preserved. Compared with the undeniable solution from [17], in our initiator deniable version of the protocol Alice needs to compute one more exponentiation. The initiator and responder deniable version requires two more exponentiations (one more per side) and the additional fourth message. The conducted experiments confirmed that, despite the additional computational effort, the newly proposed protocols remain efficient enough to be implemented in realworld applications.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
Acknowledgments
This work was partially supported by funding from Polish NCN Contract no. DEC2013/09/D/ST6/03927.
References
 M. Di Raimondo, R. Gennaro, and H. Krawczyk, “Deniable authentication and key exchange,” in Proceedings of the CCS 2006: 13th ACM Conference on Computer and Communications Security, pp. 400–409, Alexandria, Va, USA, November 2006. View at: Publisher Site  Google Scholar
 L. Krzywiecki, “Deniable version of SIGMA key exchange protocol resilient to ephemeral key leakage,” in Proceeding of the Provable Security  8th International Conference, ( ProvSec '14), S. S. M. Chow, J. K. Liu, L. C. K. Hui, and S. Yiu, Eds., vol. 8782 of Lecture Notes in Computer Science, pp. 334–341, Springer, Hong Kong , China, 2014. View at: Google Scholar
 L. Law, A. Menezes, M. Qu, J. Solinas, and S. Vanstone, “An efficient protocol for authenticated key agreement,” Designs, Codes and Cryptography, vol. 28, no. 2, pp. 119–134, 2003. View at: Publisher Site  Google Scholar  MathSciNet
 H. Krawczyk, “Hmqv: A highperformance secure diffiehellman protocol,” in CRYPTO, V. Shoup, Ed., vol. 3621 of Lecture Notes in Computer Science, pp. 546–566, Springer, Berlin, Germany, 2005. View at: Publisher Site  Google Scholar  MathSciNet
 H. Krawczyk, “SIGMA: The “SIGnandMAc” Approach to Authenticated DiffieHellman and Its Use in the IKE Protocols,” in Advances in Cryptology  CRYPTO 2003, vol. 2729 of Lecture Notes in Computer Science, pp. 400–425, Springer, Berlin, Germany, 2003. View at: Publisher Site  Google Scholar
 K. Lauter and A. Mityagin, “Security analysis of kea authenticated key exchange protocol,” in Public key cryptography, vol. 3958 of Lecture Notes in Comput, pp. 378–394, Springer, Berlin, Germany, 2006. View at: Publisher Site  Google Scholar  MathSciNet
 B. A. LaMacchia, K. Lauter, and A. Mityagin, “Stronger security of authenticated key exchange,” in Provable Security, W. Susilo, J. K. Liu, and Y. Mu, Eds., vol. 4784 of Lecture Notes in Computer Science, pp. 1–16, Springer, Berlin, Germany, 2007. View at: Google Scholar
 B. Ustaoglu, “Obtaining a secure and efficient key agreement protocol from (H) MQV and NAXOS,” Designs, Codes and Cryptography, vol. 46, no. 3, pp. 329–342, 2008. View at: Publisher Site  Google Scholar  MathSciNet
 A. P. Sarr, P. ElbazVincent, and J.C. Bajard, “A new security model for authenticated key agreement,” in Security and Cryptography for Networks, J. A. Garay and R. D. Prisco, Eds., vol. 6280 of Lecture Notes in Computer Science, pp. 219–234, Springer, Berlin, Germany, 2010. View at: Google Scholar
 Q. Cheng, C. Ma, and X. Hu, “A new strongly secure authenticated key exchange protocol,” in Advances in Information Security and Assurance, vol. 5576 of Lecture Notes in Computer Science, pp. 135–144, Springer, Berlin, Germany, 2009. View at: Publisher Site  Google Scholar
 H. Huang, “Strongly secure one round authenticated key exchange protocol with perfect forward security,” in Provable Security, vol. 6980 of Lecture Notes in Computer Science, pp. 389–397, Springer, Berlin, Germany, 2011. View at: Publisher Site  Google Scholar
 M. Kim, A. Fujioka, and B. Ustaoğlu, “Strongly secure authenticated key exchange without NAXOS’ approach,” in Advances in Information and Computer Security, vol. 5824 of International Workshop on Security, pp. 174–191, Springer, Berlin, Germany, 2009. View at: Publisher Site  Google Scholar
 R. Canetti and H. Krawczyk, “Analysis of keyexchange protocols and their use for building secure channels,” in EUROCRYPT, B. Pfitzmann, Ed., vol. 2045 of Lecture Notes in Computer Science, pp. 453–474, Springer, Berlin, Germany, 2001. View at: Publisher Site  Google Scholar  MathSciNet
 S. BlakeWilson, D. Johnson, and A. Menezes, “Key agreement protocols and their security analysis,” in Cryptography and coding (Cirencester, 1997), M. Darnell, Ed., vol. 1355 of Lecture Notes in Computer Science, pp. 30–45, Springer, Berlin, Germany, 1997. View at: Publisher Site  Google Scholar  MathSciNet
 C. Boyd and A. Mathuria, “Authentication and key transport using public key cryptography,” in Protocols for Authentication and Key Establishment, pp. 107–135, Springer, Berlin, Germany, 2003. View at: Publisher Site  Google Scholar
 A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, NY, USA, 1997. View at: MathSciNet
 Q. Tang and L. Chen, “Extended KCI attack against twoparty key establishment protocols,” Information Processing Letters, vol. 111, no. 15, pp. 744–747, 2011. View at: Publisher Site  Google Scholar  MathSciNet
 D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the weil pairing,” Journal of Cryptology, vol. 17, no. 4, pp. 297–319, 2004. View at: Publisher Site  Google Scholar  MathSciNet
 L. Krzywiecki, “Schnorrlike identification scheme resistant to malicious subliminal setting of ephemeral secret in,” in Innovative Security Solutions for Information Technology and Communications  9th International Conference, SECITC, 2016, I. Bica and R. Reyhanitabar, Eds., Lecture Notes in Computer Science, pp. 137–148, Bucharest , Romania, 2016. View at: Google Scholar
 E. B. Barker and J. M. Kelsey, “Recommendation for random number generation using deterministic random bit generators,” National Institute of Standards and Technology NIST SP 80090a, Gaithersburg, MD, USA, 2012. View at: Publisher Site  Google Scholar
 M. Matsumoto, M. Saito, H. Haramoto, and T. Nishimura, “Pseudorandom number generation: impossibility and compromise,” Journal of Universal Computer Science, vol. 12, no. 6, pp. 672–690, 2006. View at: Google Scholar  MathSciNet
 M. Matsumoto and T. Nishimura, “Mersenne Twister: a 623dimensionally equidistributed uniform pseudorandom number generator,” ACM Transactions on Modeling and Computer Simulation, vol. 8, no. 1, pp. 3–30, 1998. View at: Publisher Site  Google Scholar
 M. Matsumoto, T. Nishimura, M. Hagita, and M. Saito, “Cryptographic mersenne twister and fubuki stream/block cipher,” IACR Cryptology ePrint Archive, vol. 165, 2005, http://eprint.iacr.org/2005/165. View at: Google Scholar
 C. Ye, S. Mathur, A. Reznik, Y. Shah, W. Trappe, and N. B. Mandayam, “Informationtheoretically secret key generation for fading wireless channels,” IEEE Transactions on Information Forensics and Security, vol. 5, no. 2, pp. 240–254, 2010. View at: Publisher Site  Google Scholar
 G. Lo Re, F. Milazzo, and M. Ortolani, “Secure random number generation in wireless sensor networks,” Concurrency and Computation: Practice and Experience, vol. 27, no. 15, pp. 3842–3862, 2015. View at: Publisher Site  Google Scholar
 A. Sadr and M. ZolfaghariNejad, “Physical unclonable function (PUF) based random number generator,” in CoRR abs/1204.2516, http://arxiv.org/abs/1204.2516. View at: Google Scholar
 S. S. Zalivako and A. A. Ivaniuk, “The use of physical unclonable functions for true random number sequences generation,” Automatic Control and Computer Sciences, vol. 47, no. 3, pp. 156–164, 2013. View at: Publisher Site  Google Scholar
 J. Lee and J. H. Park, Authenticated key exchange secure under the computational diffiehellman assumption, 2008, http://eprint.iacr.org/2008/344.pdf.
 L. Hanzlik, K. Kluczniak, L. Krzywiecki, and M. Kutylowski, “Mutual chip authentication,” in Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, (TrustCom '13), pp. 1683–1689, Melbourne, VIC, Australia, July 2013. View at: Publisher Site  Google Scholar
 L. Hanzlik, K. Kluczniak, M. Kutylowski, and L. Krzywiecki, “Mutual restricted identification,” in Public Key Infrastructures, Services and Applications, S. K. Katsikas and I. Agudo, Eds., vol. 8341 of Lecture Notes in Computer Science, pp. 119–133, Springer, Berlin, Germany, 2014. View at: Publisher Site  Google Scholar
 R. Canetti and H. Krawczyk, “Security analysis of IKE's signaturebased keyexchange protocol,” Cryptology ePrint Archive, Springer, Berlin, Germany, 2002, http://eprint.iacr.org/. View at: Publisher Site  Google Scholar  MathSciNet
 S. H. Islam and G. P. Biswas, “Design of twoparty authenticated key agreement protocol based on ECC and selfcertified public keys,” Wireless Personal Communications, vol. 82, no. 4, pp. 2727–2750, 2015. View at: Publisher Site  Google Scholar
 H. Sun, Q. Wen, and W. Li, “A strongly secure pairingfree certificateless authenticated key agreement protocol under the CDH assumption,” Science China Information Sciences, vol. 59, no. 3, 2016. View at: Publisher Site  Google Scholar
 C. Büttner and S. A. Huss, “A novel anonymous authenticated key agreement protocol for vehicular ad hoc networks,” in Proceedings of the 1st International Conference on Information Systems Security and Privacy, ESEO (ICISSP '15), O. Camp, E. R. Weippl, C. Bidan, and E. Ameur, Eds., pp. 259–269, SciTePress, Angers, Loire Valley, France, 2015, https://doi.org/10.5220/0005238902590269. View at: Google Scholar
 J. Zhang, Z. Zhang, J. Ding, M. Snook, and Ö. Dagdelen, “Authenticated key exchange from ideal lattices,” in Advances in cryptologyEUROCRYPT 2015, vol. 9057, pp. 719–751, Springer, Berlin, Germany, 2015. View at: Publisher Site  Google Scholar  MathSciNet
 R. Chen, Y. Mu, G. Yang, W. Susilo, and F. Guo, “Strong authenticated key exchange with auxiliary inputs,” Designs, Codes and Cryptography, vol. 85, no. 1, pp. 145–173, 2017. View at: Publisher Site  Google Scholar  MathSciNet
 R. Chen, Y. Mu, G. Yang, W. Susilo, and F. Guo, “Strongly leakageresilient authenticated key exchange,” in Topics in Cryptology  CTRSA 2016, vol. 9610 of Lecture Notes in Computer Science, pp. 19–36, Springer International Publishing, Cham, Switzerland, 2016. View at: Publisher Site  Google Scholar
 M. Feltz and C. Cremers, “Strengthening the security of authenticated key exchange against bad randomness,” Designs, Codes and Cryptography. View at: Publisher Site  Google Scholar
 A. Fujioka, K. Suzuki, K. Xagawa, and K. Yoneyama, “Strongly secure authenticated key exchange from factoring, codes, and lattices,” Designs, Codes and Cryptography, vol. 76, no. 3, pp. 469–504, 2015. View at: Publisher Site  Google Scholar  MathSciNet
 C. Boyd, C. Cremers, M. Feltz, K. G. Paterson, B. Poettering, and D. Stebila, “Asics: authenticated key exchange security incorporating certification systems,” International Journal of Information Security, vol. 16, pp. 151–171, 2017. View at: Publisher Site  Google Scholar
 L. Krzywiecki and M. Kutylowski, “Security of okamoto identification scheme: a defense against ephemeral key leakage and setup,” in Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing, (SCC@AsiaCCS '17), C. Wang and M. Kantarcioglu, Eds., pp. 43–50, Abu Dhabi, UAE, April 2017. View at: Publisher Site  Google Scholar
 C. P. Schnorr, “Efficient signature generation by smart cards,” Journal of Cryptology, vol. 4, no. 3, pp. 161–174, 1991. View at: Publisher Site  Google Scholar
 J. Bender, Ö. Dagdelen, M. Fischlin, and D. Kügler, “The pace∣AA protocol for machine readable travel documents, and ts security,” in Financial Cryptography and Data Security  16th International Conference, (FC '12), A. D. Keromytis, Ed., vol. 7397 of Lecture Notes in Computer Science, pp. 344–358, Februray 27March 2, 2012. View at: Google Scholar
 H. Krawczyk, “HMQV: a highperformance secure DiffieHellman protocol,” in Advances in Cryptology—CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 546–566, Springer, Berlin, Germany, 2005. View at: Publisher Site  Google Scholar
 R. Canetti and H. Krawczyk, “Security analysis of IKE's signaturebased keyexchange protocol,” in Advances in Cryptology  CRYPTO 2002, 22nd Annual International Cryptology Conference, M. Yung, Ed., vol. 2442 of Lecture Notes in Computer Science, pp. 143–161, Santa Barbara, Calif, USA, 2002. View at: Publisher Site  Google Scholar
 J. A. Akinyele, C. Garman, I. Miers et al., “Charm: a framework for rapidly prototyping cryptosystems,” Journal of Cryptographic Engineering, vol. 3, no. 2, pp. 111–128, 2013. View at: Publisher Site  Google Scholar
 C. NIST, “The digital signature standard,” http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.1864.pdf. View at: Publisher Site  Google Scholar
Copyright
Copyright © 2017 Łukasz Krzywiecki and Tomasz Wlisłocki. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.