An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security - ASIACCS '09
In recent years, a great deal of ID-based authenticated key exchange protocols have been proposed. However, many of them have been broken or have no security proof. The main issue is that without static private key it is difficult for simulator to fully support the SessionKeyReveal and EphemeralKeyReveal queries. Some proposals which have purported to be provably secure just hold in relatively weak model, which does not fully support above-mentioned two queries. For protocols to be proven
... in more desirable model, people must make use of the stronger gap  assumption, which means that the computational problem remains hard even in the presence of an effective decision oracle. However, the gap assumption may not be acceptable at all, since the decision oracle, which the proofs rely on, may not exist in real world. Cash, Kiltz and Shoup  recently proposed a new computational problem called twin Diffie-Hellman problem, a nice feature of which not enjoyed by ordinary Diffie-Hellman problem is that the twin Diffie-Hellman problem remains hard, even with access to a decision oracle that recognizes solutions to the problem. At the heart of their method is the "trapdoor test" that allows us to implement an effective decision oracle for the twin Diffie-Hellman problem, without knowing the corresponding discrete logarithm. In this paper,we present a new ID-based authenticated key exchange (ID-AKE) protocol based on the trapdoor test technique. Compared with previous ID-AKE protocols, our proposal is based on the Bilinear Diffie-Hellman (BDH) assumption, which is more standard than Gap Bilinear Diffie-Hellman (GBDH) assumption, on which previous protocols are based. Moreover, our scheme is shown to be secure in the enhanced Canetti-Krawczyk (eCK) model, which is the currently strongest AKE security model.