Abstract

Group key exchange is a promising cryptographic protocol that has been studied extensively over the years. However, the overwhelming majority of group key exchange protocols require interaction among users. This makes them unsuitable for cloud-based outsourced storage systems, where users seek to store and share their files with collaborators who stay offline until they want to access a file. To address this concern, Boyd et al. designed an offline assisted group key exchange (OAGKE) protocol that offers forward secrecy. The core component of their OAGKE protocol is a variant of the key encapsulation mechanism (KEM) called blinded KEM (BKEM). However, their constructions of BKEM are susceptible to quantum attacks. This work proposes an isogeny-based BKEM and a forward secure OAGKE that is secure against adversaries equipped with quantum computers. Our construction of BKEM is based on the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) cryptosystem. We provide a formal security proof demonstrating the security of our scheme. Furthermore, we give an instantiation of our BKEM from the CSIDH-512 parameter set. Finally, we present our isogeny-based OAGKE protocol along with its rigorous security analysis.
