Abstract

A <i>password-based authenticated key exchange</i> ($\mathsf{PAKE}$) protocol, a widely used authentication mechanism for realizing secure communication, allows protocol participants to establish a high-entropy session key by pre-sharing a low-entropy password. An open challenge in $\mathsf{PAKE}$ is how to design a quantum-resistant round-optimal $\mathsf{PAKE}$. To solve this challenge, lattice-based cryptography is a promising candidate for post-quantum cryptography. In addition, Katz and Vaikuntanathan (ASIACRYPT’09) designed the first <i>three-round</i> $\mathsf{PAKE}$ protocol by leveraging the smooth projective hash function ($\mathsf{SPHF}$) over lattices.
Subsequently, Zhang and Yu (ASIACRYPT’17) optimized Katz-Vaikuntanathan’s approximate $\mathsf{SPHF}$ via a splittable public key encryption. They then constructed a <i>two-round</i> $\mathsf{PAKE}$ by using simulation-sound non-interactive zero-knowledge (NIZK) proofs, but how to construct a lattice-based simulation-sound NIZK remains an open research question. In other words, how to design a one-round $\mathsf{PAKE}$ via an efficient lattice-based $\mathsf{SPHF}$ still remains a challenge. In this work, we attempt to fill this gap by proposing a lattice-based $\mathsf{SPHF}$ with adaptive smoothness.
We then obtain a <i>one-round</i> $\mathsf{PAKE}$ protocol over lattices with rigorous security analysis by integrating the proposed $\mathsf{SPHF}$ into the one-round framework proposed by Katz and Vaikuntanathan (TCC’11). Furthermore, we explore the possibilities of achieving two-round $\mathsf{PAKE}$ and universally composable (UC) security from our $\mathsf{SPHF}$, and show the potential application of our $\mathsf{PAKE}$ in the Internet of Things (IoT), where communication cost is the main consideration.
