DFG's project page
Authenticated Key Exchange (AKE) protocols are integrated in modern web browsers on plenty of devices such as PCs, smartphones and tablet computers. Services like emailing, online banking, web shops and password transmission use them regularly.
A drawback from conventional AKE protocols like the prevalent TLS protocol is the high latency of the transmission of the first payload which is cryptographically secured. This is due to the high number of messages used for establishment of a cryptographic key. Latest research shows that sophisticated AKE protocols can allow for key establishment without needless latency. These protocols are called Low-Latency Key Exchange (LLKE).
Interestingly, the concept of LLKE did not emerge from academic circles but from industry. Its motivation were concrete practical requirements of modern network infrastructure. The idea of LLKE is based on the Quick UDP Internet Connections (QUIC) protocol, which was recently developed by Google. It implements a minimum-latency AKE protocol in the current version of Google's Chrome browser, the Opera browser and in Google's server infrastructure.
Currently, industry is a step ahead of research in this field. These are rather undesirable circumstances that do occasionally occur due to today's fast-paced progress in internet technology. In cryptographic protocols it is particularly important to investigate their properties and limits as they are often wide-spread and their usage extends over long periods of time.
Current research in the field of LLKE protocols raises a number of interesting questions. They are relevant to theoretical foundations of cryptography as well as practical applications of cryptographic protocols. So far, there are no suitable constructions that comply with generic complexity assumptions such as "tight security" or full "forward-security". The latter is an important security objective of state-of-the-art AKE protocols.
During this project, we are developing said constructions. Furthermore, we are exploring Key-Refreshing Key Exchange Protocols, a generalization of LLKE.