Abstract

We show that it is possible to achieve perfect forward secrecy (PFS) in two-message or one-round key exchange (KE) protocols even in the presence of very strong active adversaries that can reveal random values of sessions and compromise long-term secret keys of parties. We provide two new game-based security models for KE protocols with increasing security guarantees, namely, eCK and eCK-PFS. The eCK model is a slightly stronger variant of the extended Canetti-Krawczyk (eCK) security model. The eCK-PFS model captures PFS in the presence of eCK adversaries. We propose a security-strengthening transformation (i.e., a compiler) from eCK to eCK-PFS that can be applied to protocols that only achieve security in a weaker model than eCK, which we call eCK. We show that, given a two-message Diffie-Hellman type protocol secure in eCK, our transformation yields a two-message protocol that is secure in eCK-PFS. We demonstrate how our transformation can be applied to concrete KE protocols. In particular, our methodology allows us to prove the security of the first known one-round protocol that achieves PFS under actor compromise and ephemeral-key reveal.

  • Publication date: 2015-1