Beyond 128 Bits: The Concrete Security of EKE
Jiawei Bao · 2026-05-26 · via Cryptology ePrint Archive

Paper 2026/1053

Tibor Jager, University of Wuppertal

Eike Kiltz, Ruhr University Bochum

Aysan Nishaburi, Ruhr University Bochum

Samin Nooripoor, Ruhr University Bochum

Jiaxin Pan, University of Kassel

Abstract

Can a relevant cryptographic primitive, when instantiated over the NIST P-256 elliptic curve, achieve a bit-security level exceeding $128$ bits? Yes. We formally prove that the well-known password-authenticated key exchange protocol $\mathsf{EKE}$, introduced by Bellovin and Merritt (S&P 1992), achieves a generic security level of $128+\frac{1}{2}\log_2(N)$ bits, where $N$ denotes the size of the password space. To prove this result, we introduce and develop a new approach for showing that breaking a cryptosystem with a prescribed advantage requires solving many instances of an underlying computational assumption. To this end, we formulate the Hidden-Target Diffie-Hellman assumption. In this assumption, the adversary is given a set of $N$ Diffie-Hellman challenge instances. The Diffie-Hellman key of one uniformly random instance is designated as the hidden target. The adversary does not know which instance is the target, but may output an arbitrary subset of candidate solutions and succeeds only if this subset contains the target. We formally prove that breaking the Hidden-Target Diffie-Hellman assumption with probability greater than $(k-1)/N$ requires solving at least $k$ of the $N$ Diffie-Hellman instances. We then show that the security of $\mathsf{EKE}$ in the ideal-cipher model is equivalent to the Hidden-Target Diffie-Hellman assumption. A somewhat surprising consequence of this equivalence is that $\mathsf{EKE}$ achieves the claimed generic security level of $128+\frac{1}{2}\log_2(N)$ bits. Moreover, the equivalence implies that $\mathsf{EKE}$ remains secure even in settings where the hardness of $\mathsf{DLOG}$ or $\mathsf{CDH}$ is weaker than expected: an adversary may still need to solve on the order of hundreds or thousands of discrete logarithm instances in order to succeed, a task that may remain infeasible even for powerful attackers, including those equipped with early quantum computers.
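
The Hidden-Target Diffie-Hellman game described in the abstract, as an added toy simulation (not code from the paper): an adversary that solves exactly $k$ of the $N$ instances wins with probability about $k/N$, which is the trade-off the $(k-1)/N$ bound is stated against. The group parameters, the function names, the table-lookup "solver" and the encoding of candidates as (index, key) pairs are assumptions of this sketch.

```python
import random

# Constructed toy group: P = 2Q + 1 is a safe prime, G = 4 generates the
# order-Q subgroup. Far too small for real use; it only makes DLOG solvable.
P, Q, G = 2039, 1019, 4
DLOG = {pow(G, a, P): a for a in range(Q)}  # lookup table stands in for "solving" an instance


def gen_game(n, rng):
    """N DH challenges (g^a, g^b), their keys g^(ab), and a uniformly random hidden target index."""
    exps = [(rng.randrange(1, Q), rng.randrange(1, Q)) for _ in range(n)]
    challenges = [(pow(G, a, P), pow(G, b, P)) for a, b in exps]
    keys = [pow(G, a * b, P) for a, b in exps]
    return challenges, keys, rng.randrange(n)


def solve_cdh(x, y):
    """Recover a from x = g^a via the table, then return y^a = g^(ab)."""
    return pow(y, DLOG[x], P)


def adversary(challenges, k, rng):
    """Solve k instances chosen blindly (the target is hidden) and output them as candidates."""
    picked = rng.sample(range(len(challenges)), k)
    return {(i, solve_cdh(*challenges[i])) for i in picked}


def play(n, k, rng):
    """One run of the game: win iff the candidate set contains the target's DH key."""
    challenges, keys, target = gen_game(n, rng)
    return (target, keys[target]) in adversary(challenges, k, rng)


def success_rate(n, k, trials=2000, seed=1):
    """Empirical winning probability of an adversary that pays for exactly k solutions."""
    rng = random.Random(seed)
    return sum(play(n, k, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    n = 16
    for k in (1, 4, 8, 16):
        print(f"N={n} k={k}: measured {success_rate(n, k):.3f}, k/N = {k / n:.3f}")
```

In the password setting each instance corresponds to one candidate password, so raising the winning probability by $1/N$ costs the adversary one more Diffie-Hellman solution.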

BibTeX

@misc{cryptoeprint:2026/1053,
      author = {Jiawei Bao and Tibor Jager and Eike Kiltz and Aysan Nishaburi and Samin Nooripoor and Jiaxin Pan},
      title = {Beyond 128 Bits: The Concrete Security of {EKE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/1053},
      year = {2026},
      url = {https://eprint.iacr.org/2026/1053}
}