This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Public-key authentication in SSH reveals more information about the participants' keys than is necessary. (1) The server can learn a client's entire set of public keys, even keys generated for other servers. (2) The server learns exactly which key the client uses to authenticate, and can further prove this fact to a third party. (3) A client can learn whether the server recognizes public keys belonging to other users. Each of these problems lead to tangible privacy violations for SSH users.
In this talk I will describe a new public-key authentication method for SSH that reveals essentially the minimum possible amount of information to both the client and server. It supports existing SSH keypairs of all standard flavors. This is joint work with Lawrence Roy, Stanislav Lyakhov, and Yeongjin Jang, which appeared at USENIX Security 2022.
Suggested reading: ia.cr/2022/740
Security and Privacy: cryptography