Auditable Asymmetric Password Authenticated Public Key Establishment

  • Conference paper
  • Cryptology and Network Security (CANS 2022)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13641)

Abstract

Non-repudiation of user messages is a desirable feature in a number of online applications, but it requires digital signatures and certified cryptographic keys. Unfortunately, the adoption of cryptographic keys often results in poor usability, as users must either carry around their private keys (e.g., in a smart-card) or store them in all of their devices. A user-friendly alternative, adopted by several companies and national administrations, is based on so-called “cloud-based PKI certificates”. In a nutshell, each user has a certified key-pair stored at a server in the cloud; users authenticate to the server—via passwords or one-time codes—and ask it to sign messages on their behalf. However, moving the key-pair from user-private storage to the cloud impairs non-repudiation. In fact, users can always deny having signed a message, by claiming that the signature was produced by the allegedly malicious server without their consent. In this paper we present Auditable Asymmetric Password Authenticated Public Key Establishment (\(\textsf{A}{^2}\textsf{PAKE}\)), a cloud-based solution that allows users to manage their signing key-pairs and that (i) has the same usability as cloud-based PKI certificates, and (ii) guarantees non-repudiation of signatures. We do so by introducing a new ideal functionality in the Universal Composability framework, named \(\mathcal {F} _{\textsf{A}{^2}\textsf{PAKE}}\). The functionality is password-based and allows the generation of asymmetric key-pairs, where the public key is output to all the parties, but the secret key is the private output of a single one (e.g., the user). Further, the functionality is auditable: given a public key output by the functionality, a server can prove to a third party (i.e., a judge) that the corresponding secret key is held by a specific user. Thus, if a user signs messages with the secret key obtained via \(\textsf{A}{^2}\textsf{PAKE}\), then signatures are non-repudiable.
We provide an efficient instantiation based on distributed oblivious pseudo-random functions for signature schemes based on DLOG. We also develop a prototype implementation of our instantiation and use it to evaluate its performance in realistic settings.
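As an added illustration (not the paper's protocol and not its Charm prototype), the following Python sketch shows the two building blocks the abstract and note 2 name: a two-server distributed OPRF that derives a DLOG secret key from a password, so that only the client obtains sk while pk = g^sk can be handed to everyone, and a Schnorr proof of knowledge of the discrete log labelled with the session identifier so it cannot be replayed in another execution. The safe-prime group, the hash-to-group mapping, the key-derivation hash, the additive key shares and all sample values are assumptions chosen to make the sketch runnable; the paper's auditing mechanism for the judge is not reproduced.

```python
import hashlib
# Added illustration, not the paper's protocol: a 2-server distributed OPRF deriving a
# DLOG key-pair from a password, plus a Schnorr PoK labelled with the session id.
# Toy safe-prime group p = 2q + 1; G = 4 is a quadratic residue of prime order q.
def is_prime(n):  # deterministic Miller-Rabin; these 13 bases are exact for 41 < n < 3.3e24
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True
def safe_prime(start):  # smallest odd q >= start with q and 2q + 1 both prime
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime(1 << 79)  # ~80-bit toy parameters, far too small for real use
G = 4
def h2g(pw):  # hash the password to a non-identity element of the order-q subgroup
    return pow(int.from_bytes(hashlib.sha256(pw).digest(), "big") % (P - 3) + 2, 2, P)
def blind(pw, r):  # client: mask H(pw) with a random exponent r in [1, q-1]
    return pow(h2g(pw), r, P)
def server_eval(k_i, blinded):  # server i applies its key share; it never sees pw
    return pow(blinded, k_i, P)
def unblind(pw, r, y1, y2):  # client: sk = H'(pw, H(pw)^(k1+k2)) mod q
    y = pow(y1 * y2 % P, pow(r, -1, Q), P)
    return int.from_bytes(hashlib.sha256(pw + y.to_bytes(32, "big")).digest(), "big") % Q
def establish(pw, r, k1, k2):  # full exchange; returns (sk, pk), sk is the client's alone
    b = blind(pw, r)
    sk = unblind(pw, r, server_eval(k1, b), server_eval(k2, b))
    return sk, pow(G, sk, P)

def _chal(sid, pk, a):  # Fiat-Shamir challenge labelled with the session id (note 2)
    m = sid + pk.to_bytes(32, "big") + a.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % Q
def prove_dlog(sk, pk, sid, t):  # Schnorr PoK of log_G(pk) with a fresh nonce t in Z_q
    a = pow(G, t, P)
    return a, (t + _chal(sid, pk, a) * sk) % Q
def verify_dlog(pk, sid, proof):  # a proof made for one sid fails under any other sid
    a, z = proof
    return pow(G, z, P) == a * pow(pk, _chal(sid, pk, a), P) % P
```

Neither server learns the password or the key: each only sees a blinded group element, and a single share is useless without the other.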


Notes

  1. https://oauth.net/.

  2. In our protocol the client sends a NIZK proof-of-knowledge of discrete log; to prevent the adversary from re-using such proofs across different protocol executions, we label the NIZKs with the session identifiers of the protocol executions.

  3. For simplicity, we consider only the two-server scenario, and leave the extension of the ideal functionality to more than two servers as future work.

  4. The choice of the signature scheme is arbitrary and made for the sake of simplicity. Indeed, with minor modifications to the protocol we could use any EUF-CMA secure signature scheme.

  5. http://charm-crypto.io/.


Acknowledgements

M.I.G. Vasco is supported by research grant PID2019-109379RB-100 from Spanish MINECO. Antonio Faonio is partially supported by the MESRI-BMBF French-German joint project named PROPOLIS (ANR-20-CYAL-0004–01).

Author information

Correspondence to Claudio Soriente.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Faonio, A., Vasco, M.I.G., Soriente, C., Truong, H.T.T. (2022). Auditable Asymmetric Password Authenticated Public Key Establishment. In: Beresford, A.R., Patra, A., Bellini, E. (eds) Cryptology and Network Security. CANS 2022. Lecture Notes in Computer Science, vol 13641. Springer, Cham. https://doi.org/10.1007/978-3-031-20974-1_6

  • DOI: https://doi.org/10.1007/978-3-031-20974-1_6
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-20973-4
  • Online ISBN: 978-3-031-20974-1