Password-based Authenticated Key Exchange Protocol Research Articles

Smooth Projective Hash Function From Codes and its Applications

Nowadays, Smooth Projective Hash Functions (SPHFs) play an important role in constructing cryptographic tools such as secure Password-based Authenticated Key Exchange (PAKE) protocol in the standard model, oblivious transfer, and zero-knowledge proofs. Specifically, in this article, we focus on constructing PAKE protocol; that is, a kind of key exchange protocol which needs only a low entropy password to produce a cryptographically strong shared session key. In spite of relatively good progress of SPHFs in applications, it seems there has been little effort to build them upon quantum-resistant assumptions such as lattice-based cryptography and code-based cryptography to make them secure against quantum computer attacks. More precisely, there are two proposals based on lattice assumptions that utilize the SPHFs to construct PAKE secured in standard model. Considering quantum-resistant assumptions is less than straightforward and needs some relaxations. In this article, we introduce two new Approximate SPHF (ASPHFs) from error-correcting codes. Upon designing ASPHF, we can construct two efficient PAKE protocols. The security of our protocols could be proved based on the hardness of bounded decoding (BD) problem and learning with parity (LPN) problem in the standard model.

Achieving One-Round Password-Based Authenticated Key Exchange over Lattices

<i>Password-based authenticated key exchange</i> (<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq1-2939836.gif"/></alternatives></inline-formula>) protocol, a widely used authentication mechanism to realize secure communication, allows protocol participants to establish a high-entropy session key by pre-sharing a low-entropy password. An open challenge in <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq2-2939836.gif"/></alternatives></inline-formula> is how to design a quantum-resistant round-optimal <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq3-2939836.gif"/></alternatives></inline-formula>. To solve this challenge, lattice-based cryptography is a promising candidate for post-quantum cryptography. In addition, Katz and Vaikuntanathan (ASIACRYPT&#x2019;09) design the first <i>three-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq4-2939836.gif"/></alternatives></inline-formula> protocol by leveraging the smooth projective hash function (<inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq5-2939836.gif"/></alternatives></inline-formula>) over lattices. Subsequently, Zhang and Yu (AISACRYPT&#x2019;17) optimized Katz-Vaikuntanathan&#x2019;s approximate <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq6-2939836.gif"/></alternatives></inline-formula> via a splittable public key encryption. They then constructed a <i>two-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq7-2939836.gif"/></alternatives></inline-formula> by using the simulation-sound non-interactive zero-knowledge (NIZK) proofs, but how to construct a lattice-based simulation-sound NIZK remains an open research question. In other words, how to design a one-round <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq8-2939836.gif"/></alternatives></inline-formula> via an efficient lattice-based <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq9-2939836.gif"/></alternatives></inline-formula> still remains a challenge. In this work, we attempt to fill this gap by proposing a lattice-based <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq10-2939836.gif"/></alternatives></inline-formula> with adaptive smoothness. We then obtain a <i>one-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq11-2939836.gif"/></alternatives></inline-formula> protocol over lattices with rigorous security analysis by integrating the proposed <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq12-2939836.gif"/></alternatives></inline-formula> into the one-round framework proposed by Katz and Vaikuntananthan (TCC&#x2019;11). Furthermore, we explore the possibilities of achieving two-round <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq13-2939836.gif"/></alternatives></inline-formula> and universal composable (UC) security from our <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq14-2939836.gif"/></alternatives></inline-formula>, and show the potential application of our <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq15-2939836.gif"/></alternatives></inline-formula> in Internet of Things (IoTs) where communication cost is the main consideration.

Two-Round Password-Based Authenticated Key Exchange from Lattices

Password-based authenticated key exchange (PAKE) allows participants sharing low-entropy passwords to agree on cryptographically strong session keys over insecure networks. In this paper, we present two PAKE protocols from lattices in the two-party and three-party settings, respectively, which can resist quantum attacks and achieve mutual authentication. The protocols in this paper achieve two rounds of communication by carefully utilizing the splittable properties of the underlying primitive, a CCA (Chosen-Ciphertext Attack)-secure public key encryption (PKE) scheme with associated nonadaptive approximate smooth projection hash (NA-ASPH) system. Compared with other related protocols, the proposed two-round PAKE protocols have relatively less communication and computation overhead. In particular, the two-round 3PAKE is more practical in large-scale communication systems.

Comments on “Provably Secure Dynamic Id-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model”

Password-based authenticated key exchange (PAKE) protocol has been widely used in practice, since it is convenient for users. However, the easy-to-remember property of the password also brings security problem. In this paper, we show there is an off-line dictionary attack in an efficient PAKE protocol when the smart card is lost. In order to resist the attack, we give a countermeasure to improve it. The countermeasure makes a simple change to the original protocol which does not affect the efficiency of the protocol.

Provably Leakage-Resilient Password-Based Authenticated Key Exchange in the Standard Model

The password-based authenticated key exchange (PAKE) protocol is one of most practical cryptographic primitives for trusted computing, which is used to securely authenticate devices’ identities and generate shared session keys among devices in insecure environments by using a short, human-memorable password. With the fast development of the Internet of Things (IoT), new challenges regarding PAKE have emerged. The traditional PAKE protocols are completely insecure in IoT environments, since there are many kinds of side-channel attacks. Therefore, it is very important to model and design leakage-resilient (LR) PAKE protocols. However, there has been no prior work on modeling and constructing LR PAKE protocols. In this paper, we first formalize an LR eCK security model for PAKE based on the eCK-secure PAKE model and the only computation leakage model. Then, we propose the first LR PAKE protocol by using Diffie-Hellman key exchange, LR storage (LRS) and LR refreshing of LRS appropriately and formally present a security proof in the standard model.

Scalable protocol for cross-domain group password-based authenticated key exchange

Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol, that primarily handles with the setting of multi-participant in the multi-domain. Moreover, our protocol is proved secure against active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) to certify key materials that participants might subsequently use to exchange and agree on group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.

Cryptanalysis and Improvement of a Password-Based Authenticated Three-Party Key Exchange Protocol

Protocols for password-based authenticated key exchange (PAKE) in the three-party setting must be designed to be secure against dictionary attacks even in the presence of a malicious insider. In this work, we revisit the three-party PAKE protocol proposed by Kim and Choi in 2009, and demonstrate that the protocol is vulnerable to an insider offline dictionary attack (which allows an adversary to impersonate a legitimate party and initiate transactions). We also show that due to the vulnerability, Kim and Choi’s protocol is rendered insecure in the in distinguish ability-based security model of Bellare, Pointcheval and Rogaway (2000). We propose an improved three-party PAKE protocol which is resistant to all classes of dictionary attacks, including insider offline dictionary attacks and undetectable online dictionary attacks.

Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.’s (2008) protocol, Huang’s (2009) protocol, and Lee and Hwang’s (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.’s protocol also applies to other similar protocols including Lee and Hwang’s protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks.

Simple and efficient password-based authenticated key exchange protocol

Password-based authenticated key exchange (PAKE) protocols are cryptographic primitives which enable two entities, who only share a memorable password, to identify each other and to communicate over a public unreliable network with a secure session key. In this paper, we propose a simple, efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function. Our protocol is secure against dictionary attacks. Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.

Password-based authenticated key exchange in the three-party setting

Password-based authenticated key exchange (PAKE) consists of protocols which are designed to be secure even when the secret key used for authentication is a human-memorable password. In the article, the authors consider PAKE protocols in the 3-party scenario, in which the users trying to establish a common secret do not share a password between themselves but only with a trusted server. Towards their goal, the authors recall some of the existing security notions for PAKE protocols and introduce new ones that are more suitable to the case of generic constructions of 3-party protocols. The authors then present a natural generic construction of a 3-party PAKE protocol from any 2-party PAKE protocol and prove its security. To the best of the authors knowledge, the new protocol is the first provably secure PAKE protocol in the 3-party setting.