{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T00:45:21Z","timestamp":1778633121807,"version":"3.51.4"},"reference-count":41,"publisher":"Walter de Gruyter GmbH","issue":"4","license":[{"start":{"date-parts":[[2017,11,16]],"date-time":"2017-11-16T00:00:00Z","timestamp":1510790400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,12,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Typically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on long-term public keys and establishes secret session keys. In this paper we address the partial leakage of long-term secret keys of key exchange protocol participants due to various side-channel attacks. Security models for two-party authenticated key exchange protocols have been developed over time to provide security even when the adversary learns certain secret values. This paper combines and extends the advances of security modelling for AKE protocols addressing more granular partial leakage of long-term secrets of protocol participants. 
Further, we fix some flaws in security proofs of previous leakage-resilient key exchange protocols.<\/jats:p>","DOI":"10.1515\/jmc-2016-0003","type":"journal-article","created":{"date-parts":[[2017,11,16]],"date-time":"2017-11-16T17:26:19Z","timestamp":1510853179000},"page":"215-269","source":"Crossref","is-referenced-by-count":5,"title":["On the leakage-resilient key exchange"],"prefix":"10.1515","volume":"11","author":[{"given":"Janaka","family":"Alawatugoda","sequence":"first","affiliation":[{"name":"Department of Computer Engineering , University of Peradeniya , Peradeniya , Sri Lanka"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"374","published-online":{"date-parts":[[2017,11,16]]},"reference":[{"key":"2025120600200411632_j_jmc-2016-0003_ref_001_w2aab3b7b1b1b6b1ab1b7b1Aa","doi-asserted-by":"crossref","unstructured":"M.  Abdalla, M.  Bellare and P.  Rogaway,\nThe oracle Diffie\u2013Hellman assumptions and an analysis of DHIES,\nTopics in Cryptology \u2013 CT-RSA 2001,\nLecture Notes in Comput. Sci. 2020,\nSpringer, Berlin (2001), 143\u2013158.","DOI":"10.1007\/3-540-45353-9_12"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_002_w2aab3b7b1b1b6b1ab1b7b2Aa","doi-asserted-by":"crossref","unstructured":"M.  Abdalla, D.  Catalano and D.  Fiore,\nVerifiable random functions from identity-based key encapsulation,\nAdvances in Cryptology \u2013 EUROCRYPT 2009,\nLecture Notes in Comput. Sci. 5479,\nSpringer, Berlin (2009), 554\u2013571.","DOI":"10.1007\/978-3-642-01001-9_32"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_003_w2aab3b7b1b1b6b1ab1b7b3Aa","doi-asserted-by":"crossref","unstructured":"A.  Akavia, S.  Goldwasser and V.  Vaikuntanathan,\nSimultaneous hardcore bits and cryptography against memory attacks,\nTheory of Cryptography,\nLecture Notes in Comput. Sci. 
5444,\nSpringer, Berlin (2009), 474\u2013495.","DOI":"10.1007\/978-3-642-00457-5_28"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_004_w2aab3b7b1b1b6b1ab1b7b4Aa","doi-asserted-by":"crossref","unstructured":"J.  Alawatugoda, C.  Boyd and D.  Stebila,\nContinuous after-the-fact leakage-resilient key exchange,\nInformation Security and Privacy \u2013 ACISP \u201914,\nLecture Notes in Comput. Sci. 8544,\nSpringer, Berlin (2014), 258\u2013273.","DOI":"10.1007\/978-3-319-08344-5_17"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_005_w2aab3b7b1b1b6b1ab1b7b5Aa","doi-asserted-by":"crossref","unstructured":"J.  Alawatugoda, D.  Jayasinghe and R.  Ragel,\nCountermeasures against Bernstein\u2019s remote cache timing attack,\n6th IEEE International Conference on Industrial and Information Systems \u2013 ICIIS,\nIEEE Press, Piscataway (2011), 43\u201348.","DOI":"10.1109\/ICIINFS.2011.6038038"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_006_w2aab3b7b1b1b6b1ab1b7b6Aa","doi-asserted-by":"crossref","unstructured":"J.  Alawatugoda, D.  Stebila and C.  Boyd,\nModelling after-the-fact leakage for key exchange,\nProceedings of the 9th ACM Symposium on Information, Computer and Communications Security \u2013 ASIA CCS \u201914,\nACM, New York (2014), 207\u2013216.","DOI":"10.1145\/2590296.2590317"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_007_w2aab3b7b1b1b6b1ab1b7b7Aa","doi-asserted-by":"crossref","unstructured":"J.  Alawatugoda, D.  Stebila and C.  Boyd,\nContinuous after-the-fact leakage resilient eCK-secure key exchange,\nCryptography and Coding,\nLecture Notes in Comput. Sci. 9496,\nSpringer, Cham (2015), 277\u2013294.","DOI":"10.1007\/978-3-319-27239-9_17"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_008_w2aab3b7b1b1b6b1ab1b7b8Aa","doi-asserted-by":"crossref","unstructured":"M.  Bellare and P.  
Rogaway,\nRandom oracles are practical: A paradigm for designing efficient protocols,\nProceedings of the 1st ACM Conference on Computer and Communications Security \u2013 ACM CCS \u201993,\nACM, New York (1993), 62\u201373.","DOI":"10.1145\/168588.168596"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_009_w2aab3b7b1b1b6b1ab1b7b9Aa","doi-asserted-by":"crossref","unstructured":"M.  Bellare and P.  Rogaway,\nEntity authentication and key distribution,\nAdvances in Cryptology \u2013 CRYPTO \u201993,\nLecture Notes in Comput. Sci. 773,\nSpringer, Berlin (1994), 232\u2013249.","DOI":"10.1007\/3-540-48329-2_21"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_010_w2aab3b7b1b1b6b1ab1b7c10Aa","doi-asserted-by":"crossref","unstructured":"M.  Bellare and P.  Rogaway,\nProvably secure session key distribution \u2013 The three party case,\nProceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing \u2013 STOC \u201995,\nACM, New York (1995), 57\u201366.","DOI":"10.1145\/225058.225084"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_011_w2aab3b7b1b1b6b1ab1b7c11Aa","unstructured":"D. J.  Bernstein,\nCache-timing attacks on AES,\npreprint (2005), http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf."},{"key":"2025120600200411632_j_jmc-2016-0003_ref_012_w2aab3b7b1b1b6b1ab1b7c12Aa","doi-asserted-by":"crossref","unstructured":"Z.  Brakerski, Y. T.  Kalai, J.  Katz and V.  Vaikuntanathan,\nOvercoming the hole in the bucket: Public-key cryptography resilient to continual memory leakage,\n51st Annual Symposium on Foundations of Computer Science \u2013 FOCS 2010,\nIEEE, Los Alamitos (2010), 501\u2013510.","DOI":"10.1109\/FOCS.2010.55"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_013_w2aab3b7b1b1b6b1ab1b7c13Aa","doi-asserted-by":"crossref","unstructured":"R.  Canetti and H.  Krawczyk,\nAnalysis of key-exchange protocols and their use for building secure channels,\nAdvances in Cryptology \u2013 EUROCRYPT 2001,\nLecture Notes in Comput. Sci. 
2045,\nSpringer, Berlin (2001), 453\u2013474.","DOI":"10.1007\/3-540-44987-6_28"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_014_w2aab3b7b1b1b6b1ab1b7c14Aa","doi-asserted-by":"crossref","unstructured":"R.  Cramer and V.  Shoup,\nUniversal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption,\nAdvances in Cryptology \u2013 EUROCRYPT 2002,\nLecture Notes in Comput. Sci. 2332,\nSpringer, Berlin (2002), 45\u201364.","DOI":"10.1007\/3-540-46035-7_4"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_015_w2aab3b7b1b1b6b1ab1b7c15Aa","doi-asserted-by":"crossref","unstructured":"C.  Cremers,\nExamining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK,\nProceedings of the 6th ACM Symposium on Information, Computer and Communications Security \u2013 ASIACCS 2011,\nACM, New York (2011), 80\u201391.","DOI":"10.1145\/1966913.1966925"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_016_w2aab3b7b1b1b6b1ab1b7c16Aa","doi-asserted-by":"crossref","unstructured":"W.  Diffie and M. E.  Hellman,\nNew directions in cryptography,\nIEEE Trans. Inform. Theory 22 (1976), no. 6, 644\u2013654.\n10.1109\/TIT.1976.1055638","DOI":"10.1109\/TIT.1976.1055638"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_017_w2aab3b7b1b1b6b1ab1b7c17Aa","doi-asserted-by":"crossref","unstructured":"W.  Diffie, P. C.  Van Oorschot and M. J.  Wiener,\nAuthentication and authenticated key exchanges,\nDes. Codes Cryptogr. 2 (1992), no. 2, 107\u2013125.\n10.1007\/BF00124891","DOI":"10.1007\/BF00124891"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_018_w2aab3b7b1b1b6b1ab1b7c18Aa","doi-asserted-by":"crossref","unstructured":"Y.  Dodis, L.  Reyzin and A.  Smith,\nFuzzy extractors: How to generate strong keys from biometrics and other noisy data,\nAdvances in Cryptology \u2013 EUROCRYPT 2004,\nLecture Notes in Comput. Sci. 
3027,\nSpringer, Berlin (2004), 523\u2013540.","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_019_w2aab3b7b1b1b6b1ab1b7c19Aa","doi-asserted-by":"crossref","unstructured":"S.  Dziembowski and S.  Faust,\nLeakage-resilient cryptography from the inner-product extractor,\nAdvances in Cryptology \u2013 ASIACRYPT 2011,\nLecture Notes in Comput. Sci. 7073,\nSpringer, Heidelberg (2011), 702\u2013721.","DOI":"10.1007\/978-3-642-25385-0_38"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_020_w2aab3b7b1b1b6b1ab1b7c20Aa","doi-asserted-by":"crossref","unstructured":"S.  Dziembowski and K.  Pietrzak,\nLeakage-resilient cryptography,\nIEEE 49th Annual IEEE Symposium on Foundations of Computer Science \u2013 FOCS \u201908,\nIEEE Press, Piscataway (2008), 293\u2013302.","DOI":"10.1109\/FOCS.2008.56"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_021_w2aab3b7b1b1b6b1ab1b7c21Aa","doi-asserted-by":"crossref","unstructured":"S.  Faust, E.  Kiltz, K.  Pietrzak and G. N.  Rothblum,\nLeakage-resilient signatures,\nTheory of Cryptography,\nLecture Notes in Comput. Sci. 5978,\nSpringer, Berlin (2010), 343\u2013360.","DOI":"10.1007\/978-3-642-11799-2_21"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_022_w2aab3b7b1b1b6b1ab1b7c22Aa","doi-asserted-by":"crossref","unstructured":"S.  Halevi and H.  Lin,\nAfter-the-fact leakage in public-key encryption,\nTheory of Cryptography,\nLecture Notes in Comput. Sci. 6597,\nSpringer, Heidelberg (2011), 107\u2013124.","DOI":"10.1007\/978-3-642-19571-6_8"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_023_w2aab3b7b1b1b6b1ab1b7c23Aa","doi-asserted-by":"crossref","unstructured":"M.  Hutter, S.  Mangard and M.  Feldhofer,\nPower and EM attacks on passive 13.56\u2009MHz RFID devices,\nCryptographic Hardware and Embedded Systems \u2013 CHES 2007,\nLecture Notes in Comput. Sci. 
4727,\nSpringer, Berlin (2007), 320\u2013333.","DOI":"10.1007\/978-3-540-74735-2_22"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_024_w2aab3b7b1b1b6b1ab1b7c24Aa","doi-asserted-by":"crossref","unstructured":"D. P.  Jablon,\nStrong password-only authenticated key exchange,\nSIGCOMM Comput. Commun. Rev. 26 (1996), 5\u201326.\n10.1145\/242896.242897","DOI":"10.1145\/242896.242897"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_025_w2aab3b7b1b1b6b1ab1b7c25Aa","unstructured":"J.  Katz and Y.  Lindell,\nIntroduction to Modern Cryptography, 2nd ed.,\nChapman & Hall\/CRC Cryptogr. Netw. Secur.,\nCRC Press, Boca Raton, 2015."},{"key":"2025120600200411632_j_jmc-2016-0003_ref_026_w2aab3b7b1b1b6b1ab1b7c26Aa","doi-asserted-by":"crossref","unstructured":"J.  Katz and V.  Vaikuntanathan,\nSignature schemes with bounded leakage resilience,\nAdvances in Cryptology \u2013 ASIACRYPT 2009,\nLecture Notes in Comput. Sci. 5912,\nSpringer, Berlin (2009), 703\u2013720.","DOI":"10.1007\/978-3-642-10366-7_41"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_027_w2aab3b7b1b1b6b1ab1b7c27Aa","doi-asserted-by":"crossref","unstructured":"E.  Kiltz, K.  Pietrzak, M.  Stam and M.  Yung,\nA new randomness extraction paradigm for hybrid encryption,\nAdvances in Cryptology \u2013 EUROCRYPT 2009,\nLecture Notes in Comput. Sci. 5479,\nSpringer, Berlin (2009), 590\u2013609.","DOI":"10.1007\/978-3-642-01001-9_34"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_028_w2aab3b7b1b1b6b1ab1b7c28Aa","doi-asserted-by":"crossref","unstructured":"M.  Kim, A.  Fujioka and B.  Ustaoglu,\nStrongly secure authenticated key exchange without NAXOS\u2019 approach,\nAdvances in Information and Computer Security \u2013 IWSEC 2009,\nLecture Notes in Comput. Sci. 5824,\nSpringer, Berlin (2009), 174\u2013191.","DOI":"10.1007\/978-3-642-04846-3_12"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_029_w2aab3b7b1b1b6b1ab1b7c29Aa","doi-asserted-by":"crossref","unstructured":"P. C.  
Kocher,\nTiming attacks on implementations of Diffie\u2013Hellman, RSA, DSS, and other systems,\nAdvances in Cryptology \u2013 CRYPTO \u201996,\nLecture Notes in Comput. Sci. 1109,\nSpringer, Berlin (1996), 104\u2013113.","DOI":"10.1007\/3-540-68697-5_9"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_030_w2aab3b7b1b1b6b1ab1b7c30Aa","unstructured":"H.  Krawczyk,\nOn Extract-then-expand key derivation functions and an HMAC-based KDF,\npreprint (2008), http:\/\/webee.technion.ac.il\/~hugo\/kdf\/kdf.pdf."},{"key":"2025120600200411632_j_jmc-2016-0003_ref_031_w2aab3b7b1b1b6b1ab1b7c31Aa","doi-asserted-by":"crossref","unstructured":"B.  LaMacchia, K.  Lauter and A.  Mityagin,\nStronger security of authenticated key exchange,\nProvable Security \u2013 ProvSec 2007,\nLecture Notes in Comput. Sci. 4784,\nSpringer, Berlin (2007), 1\u201316.","DOI":"10.1007\/978-3-540-75670-5_1"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_032_w2aab3b7b1b1b6b1ab1b7c32Aa","doi-asserted-by":"crossref","unstructured":"P.  MacKenzie,\nMore efficient password-authenticated key exchange,\nTopics in Cryptology \u2013 CT-RSA 2001,\nLecture Notes in Comput. Sci. 2020,\nSpringer, Berlin (2001), 361\u2013377.","DOI":"10.1007\/3-540-45353-9_27"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_033_w2aab3b7b1b1b6b1ab1b7c33Aa","doi-asserted-by":"crossref","unstructured":"T.  Malkin, I.  Teranishi, Y.  Vahlis and M.  Yung,\nSignatures resilient to continual leakage on memory and computation,\nTheory of Cryptography,\nLecture Notes in Comput. Sci. 6597,\nSpringer, Heidelberg (2011), 89\u2013106.","DOI":"10.1007\/978-3-642-19571-6_7"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_034_w2aab3b7b1b1b6b1ab1b7c34Aa","doi-asserted-by":"crossref","unstructured":"T. S.  Messerges, E. A.  Dabbish and R. H.  Sloan,\nExamining smart-card security under the threat of power analysis attacks,\nIEEE Trans. Comput. 51 (2002), no. 
5, 541\u2013552.\n10.1109\/TC.2002.1004593","DOI":"10.1109\/TC.2002.1004593"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_035_w2aab3b7b1b1b6b1ab1b7c35Aa","doi-asserted-by":"crossref","unstructured":"S.  Micali and L.  Reyzin,\nPhysically observable cryptography (extended abstract),\nTheory of Cryptography,\nLecture Notes in Comput. Sci. 2951,\nSpringer, Berlin (2004), 278\u2013296.","DOI":"10.1007\/978-3-540-24638-1_16"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_036_w2aab3b7b1b1b6b1ab1b7c36Aa","doi-asserted-by":"crossref","unstructured":"D.  Moriyama and T.  Okamoto,\nAn eCK-secure authenticated key exchange protocol without random oracles,\nProvable Security \u2013 ProvSec 2009,\nLecture Notes in Comput. Sci. 5848,\nSpringer, Berlin (2009), 154\u2013167.","DOI":"10.1007\/978-3-642-04642-1_14"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_037_w2aab3b7b1b1b6b1ab1b7c37Aa","doi-asserted-by":"crossref","unstructured":"D.  Moriyama and T.  Okamoto,\nLeakage resilient eCK-secure key exchange protocol without random oracles,\nProceedings of the 6th ACM Symposium on Information, Computer and Communications Security \u2013 ASIACCS \u201911,\nACM, New York (2011), 441\u2013447.","DOI":"10.1145\/1966913.1966976"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_038_w2aab3b7b1b1b6b1ab1b7c38Aa","doi-asserted-by":"crossref","unstructured":"M.  Naor and G.  Segev,\nPublic-key cryptosystems resilient to key leakage,\nAdvances in Cryptology \u2013 CRYPTO 2009,\nLecture Notes in Comput. Sci. 5677,\nSpringer, Berlin (2009), 18\u201335.","DOI":"10.1007\/978-3-642-03356-8_2"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_039_w2aab3b7b1b1b6b1ab1b7c39Aa","doi-asserted-by":"crossref","unstructured":"K.  Pietrzak,\nA leakage-resilient mode of operation,\nAdvances in Cryptology \u2013 EUROCRYPT 2009,\nLecture Notes in Comput. Sci. 
5479,\nSpringer, Berlin (2009), 462\u2013482.","DOI":"10.1007\/978-3-642-01001-9_27"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_040_w2aab3b7b1b1b6b1ab1b7c40Aa","doi-asserted-by":"crossref","unstructured":"B.  Ustaoglu,\nObtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS,\nDes. Codes Cryptogr. 46 (2008), no. 3, 329\u2013342.\n10.1007\/s10623-007-9159-1","DOI":"10.1007\/s10623-007-9159-1"},{"key":"2025120600200411632_j_jmc-2016-0003_ref_041_w2aab3b7b1b1b6b1ab1b7c41Aa","doi-asserted-by":"crossref","unstructured":"Z.  Yang,\nEfficient eCK-secure authenticated key exchange protocols in the standard model,\nInformation and Communications Security,\nLecture Notes in Comput. Sci. 8233,\nSpringer, Cham (2013), 185\u2013193.","DOI":"10.1007\/978-3-319-02726-5_14"}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.degruyter.com\/view\/j\/jmc.2017.11.issue-4\/jmc-2016-0003\/jmc-2016-0003.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0003\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0003\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:20:12Z","timestamp":1764980412000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0003\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,16]]},"references-count":41,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,10,18]]},"published-print":{"date-parts":[[2017,12,1]]}},"alternative-id":["10.1515\/jmc-2016-0003"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2016-0003","relati
on":{},"ISSN":["1862-2984","1862-2976"],"issn-type":[{"value":"1862-2984","type":"electronic"},{"value":"1862-2976","type":"print"}],"subject":[],"published":{"date-parts":[[2017,11,16]]}}}