Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #68

Short Concurrent Covert Authenticated Key Exchange (Short cAKE)

Karim Eldefrawy, Nicholas Genise, and Stanislaw Jarecki

2023 · 29th Annual International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT)

  • Theory
  • Applied
  • protocol

What does the paper try to establish?

Can members of a credentialed group establish independent authenticated keys in many concurrent sessions while making the protocol traffic and even the fact of group participation indistinguishable from random beacon strings?

What is the proposed answer?

Short cAKE combines covert identity escrow and a covert KEM inside a UC functionality. Each party sends one simultaneous 351-byte message, and the construction derives a key only when both parties hold valid, non-revoked group credentials. The security theorem is conditional on the modeled components and assumptions, including static corruption and random-oracle-based building blocks; later compromise does not preserve past-session participation covertness.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Medium

The complete chapter defines the UC target, components, protocol, theorem statements, and cost analysis, but defers proof and implementation details to the full version and has no independent verification represented here.

Concurrent UC model and cAKE functionality Covert KEM construction and security theorem Short cAKE protocol and UC realization Full-version proofs and proof-of-concept material
Auditability High

A complete public archive copy, IACR full-version route, and official DOI make the protocol, assumptions, and formal claims directly inspectable.

Covert AKE problem, contributions, and efficiency summary Full-version proofs and proof-of-concept material Official publication identity
Production provenance Medium

Named authorship, publication identity, and public manuscript versions are documented; author roles, revision lineage, proof-tool use, and artifact-version history are not.

Covert AKE problem, contributions, and efficiency summary Official publication identity
External scrutiny Medium

ASIACRYPT publication establishes venue review, but public reports, independent proof checking, implementation reproduction, and correction history were not located.

Official publication identity
Reception Low

The dated OpenAlex snapshot located 2 citations. Under the author-defined rule, 0 through 8 located citations is Low; citation count does not measure correctness.

Dated citation-count snapshot
Contribution significance High

The source combines concurrent UC covertness, group credential controls, one simultaneous flow, and short concrete messages in one protocol result; the assessment remains pending author verification.

Covert AKE problem, contributions, and efficiency summary Concurrent UC model and cAKE functionality Short cAKE protocol and UC realization

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Short concurrent covert AKE

A one-flow group-authenticated key-exchange protocol whose UC goal includes hiding protocol execution and participant credentials within random-looking beacon traffic under concurrent execution.

Covert AKE problem, contributions, and efficiency summary
  1. model UC functionality and adversary formalized

    The functionality represents a group manager, member credentials, revocation, concurrent sessions, authentication, key independence, and covert transcripts under static corruptions.

    Concurrent UC model and cAKE functionality
    1. security goal

      Authenticated independent keys

      defined

      Honest parties accepting the same session obtain a shared key only for valid, non-revoked credentials, and concurrent sessions obtain independent keys under the ideal functionality.

      Concurrent UC model and cAKE functionality
  2. protocol Short cAKE protocol constructed

    Each party simultaneously sends one compound message containing the commitment and sender/receiver material needed for covert credential escrow and covert encapsulation, then locally combines both acceptance conditions before deriving a key.

    Construction overview, components, and limitations Short cAKE protocol and UC realization
  3. claim group Security and efficiency results theorem backed

    The source states separate conditional security results for the CKEM compiler and for the composed cAKE realization, together with operation counts.

    Covert KEM construction and security theorem Short cAKE protocol and UC realization
    1. theorem

      Covert KEM theorem

      proved conditionally

      Theorem 5.1 establishes the required CKEM security from the listed commitment, proof, hash, and random-oracle assumptions under the theorem's concurrency conditions.

      Covert KEM construction and security theorem
    2. theorem

      UC realization theorem

      proved conditionally

      Theorem 6.1 states that the composed protocol realizes the defined cAKE functionality when the covert identity-escrow and CKEM components satisfy their required properties.

      Short cAKE protocol and UC realization
  4. limitation group Scope and limitations explicitly bounded

    The result is conditional on a trusted credential lifecycle and specific cryptographic models; its covertness guarantee does not automatically survive later endpoint compromise.

    Construction overview, components, and limitations Concurrent UC model and cAKE functionality
  5. scrutiny

    External scrutiny

    venue reviewed

    ASIACRYPT publication establishes venue scrutiny, but public reports, independent implementation reproduction, proof verification, correction, or adversarial follow-up were not located.

    Official publication identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Covert AKE problem, contributions, and efficiency summary Abstract and Section 1, PDF pages 1-6
  2. Construction overview, components, and limitations Technical overview, PDF pages 6-9
  3. Concurrent UC model and cAKE functionality Section 3, PDF pages 10-16
  4. Commitments, SPHF, credentials, and covert primitives Section 4, PDF pages 16-25
  5. Covert KEM construction and security theorem Section 5, PDF pages 25-28, including Theorem 5.1
  6. Short cAKE protocol and UC realization Section 6, PDF pages 28-31, including Theorem 6.1
  7. Full-version proofs and proof-of-concept material IACR ePrint 2023/1418, cited by the proceedings chapter for deferred details
  8. Official publication identity ASIACRYPT 2023, DOI 10.1007/978-981-99-8742-9_3
  9. Dated citation-count snapshot OpenAlex cited_by_count was 2 when accessed 2026-07-11