Round-reduced modular construction of asymmetric password-authenticated key exchange

Jung Yeon Hwang, Stanislaw Jarecki, Taekyoung Kwon, Joohee Lee, Ji Sun Shin, Jiayu Xu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Password-Authenticated Key Exchange (PAKE) establishes a shared key between two parties who hold the same password, assuring security against offline password-guessing attacks. The asymmetric PAKE (a.k.a. augmented or verifier-based PAKE) strengthens this notion by allowing one party, typically a server, to hold a one-way hash of the password, with the property that a compromise of the server allows the adversary to recover the password only via an offline dictionary attack against this hashed password. Today's client-to-server Internet authentication is asymmetric, with the server holding only a (salted) password hash, but it relies on the client's trust in the server's public key certificate. By contrast, the cryptographic PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication. The asymmetric PAKE (aPAKE) was defined in the Universally Composable (UC) framework by the work of Gentry et al. [15], who also provided a generic method of converting a UC PAKE to a UC aPAKE, at the cost of two additional communication rounds. Motivated by practical applications of aPAKEs, in this paper we propose alternative methods for converting a UC PAKE to a UC aPAKE, which use only one additional round. Moreover, since this extra message is sent from client to server, it does not add any round overhead in applications which require explicit client-to-server authentication. Importantly, this round-complexity reduction in the compiler comes at virtually no cost, since with respect to local computation and security assumptions our constructions are comparable to those of Gentry et al. [15].

Original language: English
Title of host publication: Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
Editors: Dario Catalano, Roberto De Prisco
Publisher: Springer Verlag
Pages: 485-504
Number of pages: 20
ISBN (Print): 9783319981123
DOI: https://doi.org/10.1007/978-3-319-98113-0_26
Publication status: Published - 2018
Event: 11th International Conference on Security and Cryptography for Networks, SCN 2018 - Amalfi, Italy
Duration: 2018 Sep 5 - 2018 Sep 7

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11035 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 11th International Conference on Security and Cryptography for Networks, SCN 2018
Country: Italy
City: Amalfi
Period: 18/9/5 - 18/9/7

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Hwang, J. Y., Jarecki, S., Kwon, T., Lee, J., Shin, J. S., & Xu, J. (2018). Round-reduced modular construction of asymmetric password-authenticated key exchange. In D. Catalano, & R. De Prisco (Eds.), Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings (pp. 485-504). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11035 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-98113-0_26