Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

IT security group Show image information

IT security group

Low-Latency Key Exchange

DFG's project page

Authenticated Key Exchange (AKE) protocols are integrated in modern web browsers on plenty of devices such as PCs, smartphones and tablet computers. Services like emailing, online banking, web shops and password transmission use them regularly.

A drawback from conventional AKE protocols like the prevalent TLS protocol is the high latency of the transmission of the first payload which is cryptographically secured. This is due to the high number of messages used for establishment of a cryptographic key. Latest research shows that sophisticated AKE protocols can allow for key establishment without needless latency. These protocols are called Low-Latency Key Exchange (LLKE).

Interestingly, the concept of LLKE did not emerge from academic circles but from industry. Its motivation were concrete practical requirements of modern network infrastructure. The idea of LLKE is based on the Quick UDP Internet Connections (QUIC) protocol, which was recently developed by Google. It implements a minimum-latency AKE protocol in the current version of Google's Chrome browser, the Opera browser and in Google's server infrastructure.

Currently, industry is a step ahead of research in this field. These are rather undesirable circumstances that do occasionally occur due to today's fast-paced progress in internet technology. In cryptographic protocols it is particularly important to investigate their properties and limits as they are often wide-spread and their usage extends over long periods of time.

Current research in the field of LLKE protocols raises a number of interesting questions. They are relevant to theoretical foundations of cryptography as well as practical applications of cryptographic protocols. So far, there are no suitable constructions that comply with generic complexity assumptions such as "tight security" or full "forward-security". The latter is an important security objective of state-of-the-art AKE protocols.

During this project, we are developing said constructions. Furthermore, we are exploring Key-Refreshing Key Exchange Protocols, a generalization of LLKE.

Further information:
+49 5251 60-6686
+49 5251 60-6414

Office hours:

By appointment

Carmen Buschmeyer

Computers and Society – Computing in Contex

+49 5251 60-6412
+49 5251 60-6414

The University for the Information Society