On the Privacy-Preserving Infrastructure for Authenticated Key Exchange

Privacy-preserving authenticated key exchange (PPAKE) protocols aim at providing both session key indistinguishability and party identifier hiding. Parties in PPAKEs usually interact with a public key infrastructure (PKI) or similar services for authentication, especially for validating certificates and other identity-binding tokens during the handshake. However, these essential validation messages, which have not been captured in current models, open attack surfaces for adversaries. In this paper, we propose a new refined infrastructure model (RI) for privacy in the infrastructure. As the cryptographic core, we also present a novel certificate validation protocol (CVP) that can be instantiated with anonymous Bloom filter key encapsulation mechanisms (ANO-BFKEM). The new CVP protects user identity in certificate validation, thus enhances the privacy guarantee of PPAKE.