Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11035)
Abstract
Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via the offline dictionary attack against this hashed password. Today's client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on the client's trust in the server's public key certificate. By contrast, cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication.
The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. [15], who also provided a generic method of converting a UC PAKE to a UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to a UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to those of Gentry et al. [15].
Notes
1. The compiler of [16] also adds up to 2 extra rounds to the aPAKE protocol, but for example in the case of any of our aPAKE constructions instantiated with the PAKE of Abdalla et al. [1] (see Fig. 4), the OPRF instance in the compiler of [16] would be piggybacked with the first two protocol flows, so the resulting privately salted UC aPAKE would have the same 3 rounds.
References
1. Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335–351. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_22
2. Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_5
3. Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_14
4. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11
5. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Computer Society Symposium on Research in Security and Privacy - S&P 1992, pp. 72–84. IEEE (1992)
6. Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: ACM Conference on Computer and Communications Security - CCS 1993, pp. 244–250. ACM (1993)
7. Benhamouda, F., Pointcheval, D.: Verifier-based password-authenticated key exchange: new models and constructions. IACR Cryptology ePrint Archive 2013:833 (2013)
8. Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 967–980. ACM, New York (2013)
9. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12
10. Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential authenticated identification and key exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_14
11. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: IEEE Symposium on Foundations of Computer Science - FOCS 2001, pp. 136–145. IEEE (2001)
12. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_24
13. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
14. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33
15. Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142–159. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_9
16. Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 456–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_15
17. Jutla, C., Roy, A.: Relatively-sound NIZKs and password-based key-exchange. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 485–503. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_29
18. Jutla, C.S., Roy, A.: Dual-system simulation-soundness with applications to UC-PAKE and more. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 630–655. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_26
19. Jutla, C.S., Roy, A.: Smooth NIZK arguments with applications to asymmetric UC-PAKE and threshold-IBE. IACR Cryptology ePrint Archive 2016:233 (2016)
20. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_29
21. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. J. Cryptol. 26(4), 714–743 (2013)
22. Kiefer, F., Manulis, M.: Zero-knowledge password policy checks and verifier-based PAKE. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 295–312. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_17
23. MacKenzie, P.: More efficient password-authenticated key exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_27
24. MacKenzie, P., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 599–613. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_46
25. National Institute of Standards and Technology, U.S.: FIPS PUB 186-4: Digital Signature Standard (DSS), July 2013. https://csrc.nist.gov. Accessed 2013
26. Tibouchi, M., Kim, T.: Improved elliptic curve hashing and point representation. Des. Codes Cryptogr. 82(1–2), 161–177 (2017)
Acknowledgements
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2016-0-00097, Development of Biometrics-Based Key Infrastructure Technology for Online Identification, and No. 2018-0-01369, Developing blockchain identity management system with implicit augmented authentication and privacy protection for O2O services), and supported by the MSIT, Korea, under the ITRC (Information Technology Research Center) support programs (IITP-2018-0-01423, and IITP-2018-2016-0-00304) supervised by the IITP. This work was also supported by Samsung Research Funding Center of Samsung Electronics under Project (No. SRFC-TB1403-52). We would like to thank anonymous SCN 2018 reviewers for their valuable comments.
Author information
Authors and Affiliations
Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea
Jung Yeon Hwang
University of California, Irvine, USA
Stanislaw Jarecki & Jiayu Xu
Yonsei University, Seoul, Republic of Korea
Taekyoung Kwon
Seoul National University, Seoul, Republic of Korea
Joohee Lee
Sejong University, Seoul, Republic of Korea
Ji Sun Shin
Corresponding author
Correspondence to Joohee Lee.
Editor information
Editors and Affiliations
University of Catania, Catania, Italy
Dario Catalano
University of Salerno, Fisciano, Italy
Roberto De Prisco
A UC Password Authentication Functionalities
For reference we include the specification of functionalities \(\mathsf {F}_{\mathsf {rpwKE}}\) and \(\mathsf {F}_{\mathsf {apwKE}}\) introduced by [15] for modeling resp. symmetric PAKE and asymmetric PAKE protocols. We refer to Sect. 2 for an overview of these functionalities, and to [15] for their full discussion.
The revised symmetric PAKE functionality \(\mathsf {F}_{\mathsf {rpwKE}}\) [15]
The asymmetric PAKE functionality \(\mathsf {F}_{\mathsf {apwKE}}\) [15]
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Hwang, J.Y., Jarecki, S., Kwon, T., Lee, J., Shin, J.S., Xu, J. (2018). Round-Reduced Modular Construction of Asymmetric Password-Authenticated Key Exchange. In: Catalano, D., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2018. Lecture Notes in Computer Science, vol 11035. Springer, Cham. https://doi.org/10.1007/978-3-319-98113-0_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98112-3
Online ISBN: 978-3-319-98113-0
eBook Packages: Computer Science, Computer Science (R0)