Lightweight 0-RTT Session Resumption Protocol for Constrained Devices

With the growing popularity of various Internet of Things (IoT) applications, securing data transmission over these networks become critical. The authenticated key exchange (AKE) protocol is a fundamental cryptographic primitive that achieves this goal by creating a shared session key. However, since IoT end devices are usually resource-constrained, devising secure and efficient AKE protocols for IoT applications remains challenging. In this paper, we investigate the design of zero round-trip time (0-RTT) session resumption protocols based on pre-shared keys, which enables an end device to send encrypted data to a server without prior key exchange. Specifically, we first propose a new construction of puncturable pseudo-random function (PRF), and prove its security under the RSA assumption. Then, based on the proposed puncturable PRF and authenticated encryption with associated data, we put forward a new construction of 0-RTT session resumption protocol that simultaneously provides forward security and resistance against replay attacks. We further demonstrate how to combine the proposed 0-RTT session resumption protocol with other symmetric AKE protocols for IoT applications. Both theoretical comparisons and experimental results indicate that our proposal has significant advantages in terms of computation and storage costs for practical parameter settings. Thus, it is especially desirable for constrained devices.