A blueprint for constructing 3-pass AKE protocols under commitment-based models
2026-05-22 • Cryptography and Security
AI summary
The authors study a way to securely exchange keys without relying on long-term secret information, using a method that confirms authenticity outside of the main communication channel. They improve on previous designs by creating new protocols that complete authentication in just three message exchanges instead of four. These new protocols are carefully built based on earlier techniques and their security is formally proven using established methods. This means the protocols are simpler while maintaining strong security guarantees for one-way authentication.
commitment-based AKE model, key exchange protocol, authentication, out-of-band verification, commitment-based MT compiler, KA-based protocols, KEM-based protocols, game-based security proofs, one-way authentication
Authors
Rodrigo Martín Sánchez-Ledesma
Abstract
The commitment-based AKE model provides a formal security framework for key exchange protocols that avoid long-term cryptographic material, achieving authentication through a final out-of-band verification of session-derived values. Within this model, secure KA-based and KEM-based protocols were previously constructed via a commitment-based MT compiler, yielding optimized 4-pass protocols. In this work, we show that 3-pass protocols secure under this model exist for both primitives. These protocols are constructed ad hoc, following the core ideas of the commitment-based MT authenticator, and their SK security in the unauthenticated model is proved using the same game-based techniques, achieving bounds of the same form as those previously achieved. The resulting protocols provide one-way authentication in three message exchanges.