In this work we construct an alternative model for Authenticated Key Exchange, intended to provide a theoretical security framework for protocols whose characteristics do not always match the specifics of existing models for authenticated exchanges. The model is built in a modular way from the notion of commitment schemes and relies on ephemeral information only, thereby avoiding any exchange of long-term cryptographic material. From this model, we propose a number of commitment-based protocols for establishing a shared secret between two parties and study their resistance over unauthenticated channels. This means analyzing the security of each protocol itself and its robustness against Man-in-the-Middle attacks, by formalizing their security under this model. The protocols are constructed from Key Agreement (KA) and Key Encapsulation (KEM) primitives, to show that the model applies to both established and new paradigms. We highlight the differences that arise naturally from the nature of KEM constructions, both in the protocol itself and in the types of attacks it is subject to. We provide practical go-to protocol instances to migrate to, for both KEM-based and KA-based cryptographic primitives.
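The two building blocks the abstract names, a commitment scheme and an ephemeral KA primitive, can be illustrated with a short added example. The code below is not the paper's construction and is not taken from it; it is a generic commit-then-reveal exchange written for this page, in which party A first sends a hash commitment to its ephemeral Diffie-Hellman share, B answers with its own ephemeral share, and A then opens the commitment so B can verify the share before deriving a key. The commitment (`c = SHA-256(nonce || m)`), the DH parameters `P` and `G`, and all function names are assumptions of this example; the toy 127-bit modulus is for illustration only and is not a secure group.

```python
import hashlib
import hmac
import secrets

# --- Commitment scheme (assumed for this example): c = SHA-256(nonce || m) ---

def commit(message: bytes) -> tuple[bytes, bytes]:
    """Commit to `message`; returns (commitment, opening_nonce)."""
    nonce = secrets.token_bytes(32)            # fresh randomness gives hiding
    c = hashlib.sha256(nonce + message).digest()
    return c, nonce

def open_commitment(c: bytes, nonce: bytes, message: bytes) -> bool:
    """Check that (nonce, message) opens commitment c (constant-time compare)."""
    expected = hashlib.sha256(nonce + message).digest()
    return hmac.compare_digest(expected, c)

# --- Toy KA primitive: Diffie-Hellman with ephemeral exponents ---
P = 2**127 - 1   # toy modulus (a Mersenne prime); NOT a secure group size
G = 3            # toy generator, assumed for illustration

def ka_keygen() -> tuple[int, int]:
    """Return an ephemeral (private exponent, public share) pair."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)

def ka_derive(x: int, peer_pub: int) -> bytes:
    """Derive a 32-byte session key from the DH shared value."""
    shared = pow(peer_pub, x, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_commit_then_exchange() -> tuple[bytes, bytes, bytes, bytes]:
    """Honest run of the commit-then-reveal exchange.

    Returns (key_A, key_B, commitment_A, nonce_A) so callers can check
    that both sides agree on the key and inspect the commitment.
    """
    # Round 1: A picks an ephemeral share and sends only its commitment.
    a_priv, a_pub = ka_keygen()
    a_pub_bytes = a_pub.to_bytes(16, "big")
    c_a, nonce_a = commit(a_pub_bytes)

    # Round 2: B, having seen only c_a, answers with its own ephemeral share.
    b_priv, b_pub = ka_keygen()

    # Round 3: A opens the commitment; B verifies before deriving anything.
    if not open_commitment(c_a, nonce_a, a_pub_bytes):
        raise ValueError("commitment does not open to the revealed share")
    key_a = ka_derive(a_priv, b_pub)
    key_b = ka_derive(b_priv, int.from_bytes(a_pub_bytes, "big"))
    return key_a, key_b, c_a, nonce_a

def substituted_share_opens(c_a: bytes, nonce_a: bytes) -> bool:
    """Defensive check: a share chosen after c_a was sent does not open c_a.

    This is the binding property a verifier relies on: once A has committed,
    the value B will accept in round 3 is fixed, so a share substituted after
    the fact is rejected by open_commitment.
    """
    _, other_pub = ka_keygen()
    return open_commitment(c_a, nonce_a, other_pub.to_bytes(16, "big"))

if __name__ == "__main__":
    k_a, k_b, c_a, nonce_a = run_commit_then_exchange()
    print("keys agree:", k_a == k_b)
    print("substituted share accepted:", substituted_share_opens(c_a, nonce_a))
```

The ordering is the point: B only chooses its share after A is bound to one, so neither side can adapt its ephemeral value to the other's. This shows the mechanics of commitment plus ephemeral KA; which additional checks make the exchange resist an active Man-in-the-Middle is exactly what the paper's model formalizes, and this example does not claim to reproduce that analysis.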