News

Additional Links and Information

Written on 08.05.25 by Doreen Riepel

Hi everyone, 

I created a sub-page "Detailed Schedule and Links" which you should see under "Information". There you can find the Zoom link for Monday and additional polls, as well as an overview of the assignment.

Let me know if there are any other questions. Otherwise, see you on Monday at 4pm via Zoom.

 

Best,

Doreen

 

Starting later today

Written on 05.05.25 by Doreen Riepel

Dear students,

due to travel delays, I will be late. I suggest starting at 17:00 instead, but I expect we won’t need longer than 18:00. I am very sorry for the short notice. See you soon!
 

Reminder to send your preferences

Written on 02.05.25 by Doreen Riepel

Hi everyone, 

Please remember to send me three papers you find interesting. In case it wasn't clear: You will only need to present one of them, and I will tell you which one on Monday, in case there are overlapping interests.

I will also clarify how registration in LSF works (exam vs. normal seminar registration). I currently don't have access to the system, but I'll let you know in time (the deadline is May 19).

Best,

Doreen

Slides

Written on 28.04.25 (last change on 28.04.25) by Doreen Riepel

Hi everyone, 

you can now find the slides from today's session in the materials section. Please let me know about your preferences by Sunday. (Links to the papers are provided on the main page.)

The next meeting will then start at 16:30 (only this one time) in the same room as today.

Best,

Doreen

Provable Security of Key Exchange Protocols

Cryptographic protocols such as TLS and Signal form the foundation of secure communication, ensuring confidentiality, integrity, and authentication for billions of users worldwide. In this seminar, we will look into the theoretical foundations of the underlying protocols. We will examine recent research papers on key exchange and secure messaging that address advanced cryptographic properties (e.g., deniability), specific functionalities (e.g., password-based or hybrid key exchange), and tight security proofs.

Each student will be assigned a research paper to present with subsequent discussion. Additionally, the talk should be summarized in a two-page handout. Since these papers are often extensive and contain detailed security proofs, students may concentrate on a specific contribution in coordination with the lecturer. To support this process, the seminar will include two introductory sessions with guidance, practical tips, and an example presentation.

Schedule

The seminar takes place on Mondays 16:00-18:00.

Location: E 9.1 (CISPA main building), room 2.22 

Meetings:

  • April 28: Kickoff meeting
  • May 5: Intro (Part 1) and Paper Assignment [Start at 16:30]
  • May 12: Intro (Part 2) [Virtually]
  • May 19: No meeting
  • May 26: Intro (Part 3)
  • June 2: No meeting (optional: virtual Q&A on another weekday)
  • June 9: Holiday (optional: virtual Q&A on another weekday)
  • June 16: Q&A [Virtually]
  • June 23: Presentation 1+2
  • June 30: Presentation 3+4
  • July 7: Presentation 5+6
  • July 14: Presentation 7+8

Unless specified as optional, attendance is mandatory. Zoom links for virtual sessions will be published ahead of time. For additional guidance, we will have two optional Q&A sessions. I will send out a poll to find a suitable date and time in advance.

In the last four weeks of the semester, we will have the final presentations. The order is determined by the order of the list of papers (see below). Talks should be 45 minutes + 15 minutes discussion, and each student is expected to prepare a handout to be submitted on the Thursday before the talk. More details on the expected outcome will be provided in the kickoff and first intro session. 

In the kickoff, I will give an overview of the following papers. Some papers have long and detailed definitions and proofs, and I will outline a potential focus for each paper. Each student should then pick around three papers before the Intro meeting on May 5, so that we can have a fair assignment process. The order is as follows:

  1. Non-Interactive Key Exchange (https://eprint.iacr.org/2012/732.pdf) [NIKE]
  2. Highly Efficient Key Exchange Protocols with Optimal Tightness (https://eprint.iacr.org/2019/737.pdf) [AKE]
  3. Protoss: Protocol for Tight Optimal Symmetric Security (https://eprint.iacr.org/2024/1581.pdf) [PAKE]
  4. SweetPAKE: Key exchange with decoy passwords (https://eprint.iacr.org/2024/307.pdf) [PAKE]
  5. Unilaterally-Authenticated Key Exchange (https://eprint.iacr.org/2017/109.pdf) [AKE]
  6. Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 (https://eprint.iacr.org/2020/1519.pdf) [AKE]
  7. The OPTLS Protocol and TLS 1.3 (https://eprint.iacr.org/2015/978.pdf) [AKE]
  8. Post-Quantum TLS Without Handshake Signatures (https://eprint.iacr.org/2020/534.pdf) [AKE]
  9. Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange (https://eprint.iacr.org/2020/099.pdf) [AKE]
  10. Obfuscated Key Exchange (https://eprint.iacr.org/2024/1086.pdf) [AKE]
  11. Towards post-quantum secure PAKE - A tight security proof for OCAKE in the BPR model (https://eprint.iacr.org/2023/1368.pdf) [PAKE]
  12. Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal’s Handshake Protocol (https://eprint.iacr.org/2025/040.pdf) [Messaging]
  13. Security Analysis of Signal’s PQXDH Handshake (https://eprint.iacr.org/2024/702.pdf) [Messaging]
  14. The Double Ratchet: Security Notions, Proofs, and Modularization for the Signal Protocol (https://eprint.iacr.org/2018/1037.pdf) [Messaging]
  15. Towards Leakage-Resilient Ratcheted Key Exchange (https://eprint.iacr.org/2025/332.pdf) [Messaging]
  16. Anamorphic Authenticated Key Exchange: Double Key Distribution under Surveillance (https://eprint.iacr.org/2024/1438.pdf) [AKE]
  17. A Deniability Analysis of Signal's Initial Handshake PQXDH (https://eprint.iacr.org/2024/741.pdf) [Messaging]
  18. K-Waay: Fast and Deniable Post-Quantum X3DH without Ring Signatures (https://eprint.iacr.org/2024/120.pdf) [Messaging]