Tight security is an important requirement of practical cryptographic schemes. Compared with loosely-secure schemes, tightly-secure schemes allow shorter security parameters hence are more efficient. In CRYPTO 2018, Gjøsteen and Jager proposed a tightly-secure authenticated key exchange (AKE) protocol. They used ‘commitment trick’ to construct a tight security reduction for their protocol. However, this technique leads to a three-pass execution in their protocol, and their protocol cannot achieve key confirmation unless it is modified to have a four-pass execution. In this study, the authors propose a tightly-secure two-pass AKE protocol. They use the twin Diffie–Hellman problem and the ‘re-patch’ trick of random oracles to construct a tight security reduction for their protocol. This technique allows their protocol to have a two-pass execution. Their protocol provides several security properties such as key-compromise-impersonation security, unknown-key-share security, and weak perfect forward secrecy. Moreover, a three-pass variant of their protocol provides key confirmation.

中文翻译：

---

使用双Diffie-Hellman问题的严格安全的两次验证密钥交换协议

严格的安全性是实用密码方案的重要要求。与宽松安全方案相比，严格安全方案允许较短的安全参数，因此效率更高。在CRYPTO 2018中，Gjøsteen和Jager提出了一种严格安全的认证密钥交换（AKE）协议。他们使用“承诺技巧”为其协议构造了严格的安全性降低。但是，此技术导致其协议中的三遍执行，并且除非将其修改为具有四遍执行，否则他们的协议无法实现密钥确认。在这项研究中，作者提出了一种严格安全的两遍AKE协议。他们使用双Diffie-Hellman问题和随机预言机的“重新修补”技巧来为其协议构造严格的安全性降低。该技术允许其协议具有两次通过的执行。他们的协议提供了几种安全属性，例如密钥泄露模拟安全性，未知密钥共享安全性和较弱的完美前向保密性。此外，他们的协议的三遍变体提供了密钥确认。