In 2007, LaMacchia et al. proposed the extended Canetti-Krawczyk (eCK) model, which is currently regarded as the strongest, security model for authenticated key exchange (AKE) protocols. In the eCK model, the adversary can reveal a party's ephemeral private key or static private key on the test session, but can't reveal the ephemeral value which was computed using ephemeral private key and static private key. In this paper, we first present the modified eCK (meCK) model by adding a new reveal query. The adversary can reveal all ephemeral secret information of the test session according to the meCK model's freshness definition. Then we propose a new strongly secure AKE protocol, called E-NAXOS, and prove its security in the meCK model under the random oracle assumption and the gap Diffie-Hellman assumption.

• 出版日期2009
• 单位中国科学技术信息研究所