Abstract
Password-based authenticated key exchange (PAKE) allows participants sharing low-entropy passwords to agree on cryptographically strong session keys over insecure networks. In this paper, we present two PAKE protocols from lattices in the two-party and three-party settings, respectively, which can resist quantum attacks and achieve mutual authentication. The protocols in this paper achieve two rounds of communication by carefully utilizing the splittable properties of the underlying primitive, a CCA (Chosen-Ciphertext Attack)-secure public key encryption (PKE) scheme with associated nonadaptive approximate smooth projection hash (NA-ASPH) system. Compared with other related protocols, the proposed two-round PAKE protocols have relatively less communication and computation overhead. In particular, the two-round 3PAKE is more practical in large-scale communication systems.
Highlights
Password-based authentication key exchange (PAKE) is theoretically fascinating, since it allows participants sharing short, low-entropy passwords to agree on cryptographically strong session keys over insecure networks [1, 2].
We present efficient new constructions of 2PAKE and 3PAKE based on the learning with errors (LWE) problem, building on ideas of [1, 34, 35].
Based on Σ = (Gen, Enc, Dec), we introduce the ε-Nonadaptive Approximate Smooth Projective Hash (NA-ASPH) function defined by the sampling algorithm, which outputs (K, l, H = {H_k : X → {0, 1}^l}, S, α : K → S) given the public key pk of Σ, such that
Summary
Password-based authentication key exchange (PAKE) is theoretically fascinating, since it allows participants sharing short, low-entropy passwords to agree on cryptographically strong session keys over insecure networks [1, 2]. The first efficient PAKE protocol in the standard model was proposed by Katz et al. [7]. They utilized a CCA2 (Adaptive Chosen-Ciphertext Attack)-secure encryption system and the corresponding smooth projective hash (SPH) function for key exchange to construct their scheme. Ye et al. [35] proposed the first 3PAKE protocol based on the JG/GK framework from lattices, and they proved its security in the standard model. This is a three-round protocol that implements explicit mutual authentication between the client and the server. Zhang et al. [1] applied a splittable public key encryption system to the KOY/GL framework and proposed a lattice-based PAKE requiring only two rounds of communication, so it is more efficient. The proposed two-round 3PAKE is adaptable to large-scale communication systems.