Round-reduced modular construction of asymmetric password-authenticated key exchange

Jung Yeon Hwang, Stanislaw Jarecki, Taekyoung Kwon, Joohee Lee, Ji Sun Shin, Jiayu Xu

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Citation (Scopus)

Abstract

Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via an offline dictionary attack against this hashed password. Today's client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on the client's trust in the server's public key certificate. By contrast, the cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication. The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. [15], who also provided a generic method of converting a UC PAKE to UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to that of Gentry et al. [15].

Original language: English
Title of host publication: Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
Editors: Dario Catalano, Roberto De Prisco
Publisher: Springer Verlag
Pages: 485-504
Number of pages: 20
ISBN (Print): 9783319981123
DOIs: https://doi.org/10.1007/978-3-319-98113-0_26
Publication status: Published - 2018 Jan 1
Event: 11th International Conference on Security and Cryptography for Networks, SCN 2018 - Amalfi, Italy
Duration: 2018 Sep 5 - 2018 Sep 7

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11035 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 11th International Conference on Security and Cryptography for Networks, SCN 2018
Country: Italy
City: Amalfi
Period: 18/9/5 - 18/9/7

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Hwang, J. Y., Jarecki, S., Kwon, T., Lee, J., Shin, J. S., & Xu, J. (2018). Round-reduced modular construction of asymmetric password-authenticated key exchange. In D. Catalano, & R. De Prisco (Eds.), Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings (pp. 485-504). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11035 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-98113-0_26
Hwang, Jung Yeon ; Jarecki, Stanislaw ; Kwon, Taekyoung ; Lee, Joohee ; Shin, Ji Sun ; Xu, Jiayu. / Round-reduced modular construction of asymmetric password-authenticated key exchange. Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings. editor / Dario Catalano ; Roberto De Prisco. Springer Verlag, 2018. pp. 485-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{8811c98a8c4144afb99d20327420c873,
title = "Round-reduced modular construction of asymmetric password-authenticated key exchange",
author = "Hwang, {Jung Yeon} and Stanislaw Jarecki and Taekyoung Kwon and Joohee Lee and Shin, {Ji Sun} and Jiayu Xu",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-98113-0_26",
language = "English",
isbn = "9783319981123",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "485--504",
editor = "Dario Catalano and {De Prisco}, Roberto",
booktitle = "Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings",
address = "Germany",
}

Hwang, JY, Jarecki, S, Kwon, T, Lee, J, Shin, JS & Xu, J 2018, Round-reduced modular construction of asymmetric password-authenticated key exchange. in D Catalano & R De Prisco (eds), Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11035 LNCS, Springer Verlag, pp. 485-504, 11th International Conference on Security and Cryptography for Networks, SCN 2018, Amalfi, Italy, 18/9/5. https://doi.org/10.1007/978-3-319-98113-0_26

Round-reduced modular construction of asymmetric password-authenticated key exchange. / Hwang, Jung Yeon; Jarecki, Stanislaw; Kwon, Taekyoung; Lee, Joohee; Shin, Ji Sun; Xu, Jiayu.

Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings. ed. / Dario Catalano; Roberto De Prisco. Springer Verlag, 2018. p. 485-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11035 LNCS).

TY - GEN
T1 - Round-reduced modular construction of asymmetric password-authenticated key exchange
AU - Hwang, Jung Yeon
AU - Jarecki, Stanislaw
AU - Kwon, Taekyoung
AU - Lee, Joohee
AU - Shin, Ji Sun
AU - Xu, Jiayu
PY - 2018/1/1
Y1 - 2018/1/1
UR - http://www.scopus.com/inward/record.url?scp=85053640077&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053640077&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-98113-0_26
DO - 10.1007/978-3-319-98113-0_26
M3 - Conference contribution
SN - 9783319981123
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 485
EP - 504
BT - Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
A2 - Catalano, Dario
A2 - De Prisco, Roberto
PB - Springer Verlag
ER -

Hwang JY, Jarecki S, Kwon T, Lee J, Shin JS, Xu J. Round-reduced modular construction of asymmetric password-authenticated key exchange. In Catalano D, De Prisco R, editors, Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings. Springer Verlag. 2018. p. 485-504. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-98113-0_26