Breaking One-Round Key-Agreement Protocols in the Random Oracle Model
Miroslava Sotakova

TL;DR
This paper demonstrates that one-round key-agreement protocols in the random oracle model can be broken by an adversary with a quadratic number of oracle queries, highlighting limitations in their security.
Contribution
The paper proves that any one-round key-agreement protocol in the random oracle model can be compromised with O(n^2) queries, providing a quadratic lower bound on security.
Findings
Eve can break protocols with O(n^2) queries
The quadratic bound is tight for one-round protocols
Results are independent of recent multi-round bounds
Abstract
In this paper we study one-round key-agreement protocols analogous to Merkle's puzzles in the random oracle model. The players Alice and Bob are allowed to query a random permutation oracle times and upon their queries and communication, they both output the same key with high probability. We prove that Eve can always break such a protocol by querying the oracle times. The long-time unproven optimality of the quadratic bound in the fully general, multi-round scenario has been shown recently by Barak and Mahmoody-Ghidary. The results in this paper have been found independently of their work.
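To make the quadratic gap concrete, here is an added simulation (not code from the paper) of a Merkle-style one-round protocol against a random permutation oracle: Alice and Bob each make n queries on a domain of size n^2, agree on the preimage of an output they both hit, and Eve recovers that preimage by exhausting the domain, which costs at most n^2 queries. The domain size n^2, the party names and Eve's brute-force strategy are assumptions chosen for illustration.

```python
import random


class RandomPermutationOracle:
    """Random permutation on {0,...,N-1}, sampled once; every query is counted per caller."""

    def __init__(self, domain_size, seed):
        self.N = domain_size
        self.table = list(range(domain_size))
        random.Random(seed).shuffle(self.table)
        self.queries = {}

    def query(self, caller, x):
        self.queries[caller] = self.queries.get(caller, 0) + 1
        return self.table[x]


def publish(oracle, caller, n, rng):
    """One-round message: the party queries n random points and sends only the outputs.
    The returned map (output -> preimage) is the party's private view."""
    return {oracle.query(caller, x): x for x in rng.sample(range(oracle.N), n)}


def shared_output(view_a, view_b):
    """Both messages are public; the parties agree on the smallest output hit by both."""
    common = set(view_a) & set(view_b)
    return min(common) if common else None


def eve(oracle, target):
    """Eve sees only the transcript. The oracle is a permutation, so the preimage of the
    agreed output is the key; scanning the whole domain costs at most N = n^2 queries."""
    for x in range(oracle.N):
        if oracle.query("eve", x) == target:
            return x
    return None


def run(n, seed):
    oracle = RandomPermutationOracle(n * n, seed)  # domain size n^2 is a constructed choice
    alice_view = publish(oracle, "alice", n, random.Random(seed + 1))
    bob_view = publish(oracle, "bob", n, random.Random(seed + 2))
    y = shared_output(alice_view, bob_view)
    if y is None:
        return None  # no birthday collision this run: the protocol aborts
    return {"alice_key": alice_view[y], "bob_key": bob_view[y],
            "eve_key": eve(oracle, y), "queries": dict(oracle.queries)}


if __name__ == "__main__":
    print(run(32, 0))
```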
Taxonomy
Topics: Cryptography and Data Security · Security in Wireless Sensor Networks · Advanced Authentication Protocols Security
