Doreen Riepel's research while affiliated with Ruhr-Universität Bochum and other places

Publications (3)

Chapter
We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only “Multi-Bit-Guess” security, which is not known to compose tightly, for instance, to build a secure channel.
Chapter
We introduce new tightly-secure authenticated key exchange (AKE) protocols that are extremely efficient, yet have only a constant security loss and can be instantiated in the random oracle model both from the standard DDH assumption and a subgroup assumption over RSA groups. These protocols can be deployed with optimal parameters, independent of th...
Conference Paper
Full-text available
The Hybrid Public Key Encryption (HPKE) scheme is an emerging standard currently under consideration by the Crypto Forum Research Group (CFRG) of the IETF as a candidate for formal approval. Of the four modes of HPKE, we analyse the authenticated mode HPKE_Auth in its single-shot encryption form as it contains what is, arguably, the most novel part...

Citations

... Security analysis in the authenticated-links adversarial model. This subsection is devoted to analysing further our key exchange protocol in a appropriate security model [1, 13,3]. In particular, we aim at proving that our protocol is session-key secure in the authenticated-links adversarial model (AM) of Canetti and Krawczyk [3], assuming the DDP assumption holds for F ↵ q . ...
... Currently in MLS, the authors require an hybrid public key encryption (HPKE) scheme, as designed in [BBLW20] (which was recently studied in [ABH+21]), composed of a KEM to transmit a symmetric key k and an AEAD encryption scheme that encrypts the data under k, as well as a key derivation function. The security of this scheme is examined in [ABH+20]. In the rest of this work, we denote by Enc pk (m : r) the HPKE encryption of a message m under the public key pk using randomness r. ...