Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via the offline dictionary attack against this hashed password. Today’s client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on client’s trust in the server’s public key certificate. By contrast, cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication. The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. , who also provided a generic method of converting a UC PAKE to UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to that of Gentry et al. .
|Title of host publication||Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings|
|Editors||Dario Catalano, Roberto De Prisco|
|Number of pages||20|
|Publication status||Published - 2018|
|Event||11th International Conference on Security and Cryptography for Networks, SCN 2018 - Amalfi, Italy|
Duration: 2018 Sep 5 → 2018 Sep 7
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Other||11th International Conference on Security and Cryptography for Networks, SCN 2018|
|Period||18/9/5 → 18/9/7|
Bibliographical noteFunding Information:
Acknowledgements. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2016-0-00097, Development of Biometrics-Based Key Infrastructure Technology for Online Identification, and No. 2018-0-01369, Developing blockchain identity management system with implicit augmented authentication and privacy protection for O2O services), and supported by the MSIT, Korea, under the ITRC (Information Technology Research Center) support programs (IITP-2018-0-01423, and IITP-2018-2016-0-00304) supervised by the IITP. This work was also supported by Samsung Research Funding Center of Samsung Electronics under Project (No. SRFC-TB1403-52). We would like to thank anonymous SCN 2018 reviewers for their valuable comments.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)