Skip to main content
Springer Nature Link
Log in

Round-Reduced Modular Construction of Asymmetric Password-Authenticated Key Exchange

  • Conference paper
  • First Online:
Security and Cryptography for Networks (SCN 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11035))

Included in the following conference series:

  • 1550 Accesses

Abstract

Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via the offline dictionary attack against this hashed password. Today’s client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on client’s trust in the server’s public key certificate. By contrast, cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication.

The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. [15], who also provided a generic method of converting a UC PAKE to UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to that of Gentry et al. [15].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The compiler of [16] also adds up to 2 extra rounds to the aPAKE protocol, but for example in the case of any of our aPAKE constructions instantiated with the PAKE of Abdalla et al. [1] (see Fig. 4), the OPRF instance in the compiler of [16] would be piggybacked with the first two protocol flows, so the resulting privately salted UC aPAKE would have the same 3 rounds.

References

  1. Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335–351. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_22

    Chapter  MATH  Google Scholar 

  2. Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_5

    Chapter  MATH  Google Scholar 

  3. Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_14

    Chapter  Google Scholar 

  4. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11

    Chapter  Google Scholar 

  5. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Computer Society Symposium on Research in Security and Privacy - S&P 1992, pp. 72–84. IEEE (1992)

    Google Scholar 

  6. Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: ACM Conference on Computer and Communications Security - CCS 1993, pp. 244–250. ACM (1993)

    Google Scholar 

  7. Benhamouda, F., Pointcheval, D.: Verifier-based password-authenticated key exchange: new models and constructions. IACR Cryptology ePrint Archive 2013:833 (2013)

    Google Scholar 

  8. Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & #38; Communications Security, CCS 2013, pp. 967–980. ACM, New York (2013)

    Google Scholar 

  9. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12

    Chapter  Google Scholar 

  10. Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential authenticated identification and key exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_14

    Chapter  Google Scholar 

  11. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: IEEE Symposium on Foundations of Computer Science - FOCS 2001, pp. 136–145. IEEE (2001)

    Google Scholar 

  12. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_24

    Chapter  Google Scholar 

  13. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    Chapter  Google Scholar 

  14. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33

    Chapter  Google Scholar 

  15. Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142–159. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_9

    Chapter  Google Scholar 

  16. Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-computation Attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 456–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_15

    Chapter  Google Scholar 

  17. Jutla, C., Roy, A.: Relatively-sound NIZKs and password-based key-exchange. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 485–503. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_29

    Chapter  MATH  Google Scholar 

  18. Jutla, C.S., Roy, A.: Dual-system simulation-soundness with applications to UC-PAKE and more. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 630–655. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_26

    Chapter  Google Scholar 

  19. Jutla, C.S., Roy, A.: Smooth NIZK arguments with applications to asymmetric UC-PAKE and threshold-IBE. IACR Cryptology ePrint Archive 2016:233 (2016)

    Google Scholar 

  20. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_29

    Chapter  Google Scholar 

  21. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. J. Cryptol. 26(4), 714–743 (2013)

    Article  MathSciNet  Google Scholar 

  22. Kiefer, F., Manulis, M.: Zero-knowledge password policy checks and verifier-based PAKE. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 295–312. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_17

    Chapter  Google Scholar 

  23. MacKenzie, P.: More efficient password-authenticated key exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_27

    Chapter  Google Scholar 

  24. MacKenzie, P., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 599–613. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_46

    Chapter  Google Scholar 

  25. National Institute of Standards and Technology, U.S. Fips pub 186-4: Digital Signature Standard (DSS), July 2013. https://csrc.nist.gov. Accessed 2013

  26. Tibouchi, M., Kim, T.: Improved elliptic curve hashing and point representation. Des. Codes Cryptogr. 82(1–2), 161–177 (2017)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2016-0-00097, Development of Biometrics-Based Key Infrastructure Technology for Online Identification, and No. 2018-0-01369, Developing blockchain identity management system with implicit augmented authentication and privacy protection for O2O services), and supported by the MSIT, Korea, under the ITRC (Information Technology Research Center) support programs (IITP-2018-0-01423, and IITP-2018-2016-0-00304) supervised by the IITP. This work was also supported by Samsung Research Funding Center of Samsung Electronics under Project (No. SRFC-TB1403-52). We would like to thank anonymous SCN 2018 reviewers for their valuable comments.

Author information

Authors and Affiliations

  1. Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea

    Jung Yeon Hwang

  2. University of California, Irvine, USA

    Stanislaw Jarecki & Jiayu Xu

  3. Yonsei University, Seoul, Republic of Korea

    Taekyoung Kwon

  4. Seoul National University, Seoul, Republic of Korea

    Joohee Lee

  5. Sejong University, Seoul, Republic of Korea

    Ji Sun Shin

Authors
  1. Jung Yeon Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stanislaw Jarecki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Taekyoung Kwon
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Joohee Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ji Sun Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jiayu Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joohee Lee .

Editor information

Editors and Affiliations

  1. University of Catania, Catania, Italy

    Dario Catalano

  2. University of Salerno, Fisciano, Italy

    Roberto De Prisco

 A UC Password Authentication Functionalities

 A UC Password Authentication Functionalities

For reference we include the specification of functionalities \(\mathsf {F}_{\mathsf {rpwKE}}\) and \(\mathsf {F}_{\mathsf {apwKE}}\) introduced by [15] for modeling resp. symmetric PAKE and asymmetric PAKE protocols. We refer to Sect. 2 for an overview of these functionalities, and to [15] for their full discussion.

Fig. 5.
figure 5

The revised symmetric PAKE functionality \(\mathsf {F}_{\mathsf {rpwKE}}\) [15]

Full size image
Fig. 6.
figure 6

The asymmetric PAKE functionality \(\mathsf {F}_{\mathsf {apwKE}}\) [15]

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hwang, J.Y., Jarecki, S., Kwon, T., Lee, J., Shin, J.S., Xu, J. (2018). Round-Reduced Modular Construction of Asymmetric Password-Authenticated Key Exchange. In: Catalano, D., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2018. Lecture Notes in Computer Science(), vol 11035. Springer, Cham. https://doi.org/10.1007/978-3-319-98113-0_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98113-0_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98112-3

  • Online ISBN: 978-3-319-98113-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics