🌑

☀️

Hi Folks.

Home Explore About

🇨🇳 🔎

Explore / Study / Computer Science / Cryptography 459 words | 2 minutes

Fix a Key-Exchange protocol $\Pi$ $Π$ and an attacker (passive eavesdropper) $\mathscr{A}$ $A$ . Define the experiment $\mathrm{KE}_{\mathscr{A}, \Pi}^{\mathrm{eav}}(n)$ $K E_{A, Π}^{e a v} (n)$ :
1. Two parties holding $1^n$ execute protocol $\Pi$ . This results in a transcript $\texttt{trans}$ containing all the messages sent by the parties, and a key $k \in \{0,1\}^n$ output by each of the parties.
2. A uniform bit $b \in \{0,1\}$ is chosen. If $b = 0$ , set $k' := k$ . If $b = 1$ , choose $k' \leftarrow \{0,1\}^n$ uniformly at random.
3. Attacker $\mathscr{A}$ is given $\texttt{trans}$ and $k'$ . $\mathscr A$ then outputs a bit $b'$ .
4. $\mathscr A$ succeeds and the experiment evaluates to $1$ if and only if $b' = b$ .

Definition. The Key-Exchange Protocol $\Pi$ is secure in the presence of an eavesdropper, if for all probabilistic, polynomial-time adversaries $\mathscr A$ , there is a negligible function $\epsilon(n)$ such that
$\Pr[\mathrm{KE}_{\mathscr{A}, \Pi}^{\mathrm{eav}}(n) = 1] \le \frac{1}{2} + \epsilon(n)$

Theorem. If the Decisional Diffie-Hellman problem is hard relative to $\mathscr G$ , then the Diffie-Hellman key-exchange protocol $\Pi$ is secure in the presence of an eavesdropper (with respect to $\widehat{\mathrm{KE}}_{\mathscr{A}, \Pi}^{\mathrm{eav}}$ ).

— Mar 24, 2023

Related: #Cryptography

§14 Key-Exchange Protocols and Diffie-Hellman Key-Exchange by Lu Meng is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at About.

Made with ❤ at Earth.