Jiang Zhang,Yu Yu

DOI: https://doi.org/10.1007/978-3-319-70700-6_2

2017-01-01

Abstract:Password-based authenticated key exchange (PAKE) enables two users with shared low-entropy passwords to establish cryptographically strong session keys over insecure networks. At Asiacrypt 2009, Katz and Vaikuntanathan showed a generic three-round PAKE based on any CCA-secure PKE with associated approximate smooth projective hashing (ASPH), which helps to obtain the first PAKE from lattices. In this paper, we give a framework for constructing PAKE from CCA-secure PKE with associated ASPH, which uses only two-round messages by carefully exploiting a splittable property of the underlying PKE and its associated non-adaptive ASPH. We also give a splittable PKE with associated non-adaptive ASPH based on the LWE assumption, which finally allows to instantiate our two-round PAKE framework from lattices.

Xianhui Lu,Jiang Zhang

DOI: https://doi.org/10.1093/nsr/nwab090

IF: 20.6

2021-05-24

National Science Review

Abstract:The invention of public-key cryptography (PKC) by Diffie and Hellman in 1976 is one of two milestones marking the beginning of modern cryptography. The security of a PKC system requires that it should be infeasible to compute the private key from a given public key, which in turn is typically guaranteed by the difficulty in solving some cryptographic-friendly mathematical problems. Among those problems, the integer factorization and discrete logarithm problems play pivotal roles in the development of public-key cryptography. In particular, the assumption that there is no polynomial time (classical) algorithm that solves the above two problems constitutes the basis for the security of almost all currently used public-key cryptosystems, such as RSA and ElGamal. However, Shor [1] found an efficient quantum solving algorithm for the integer factorization and discrete logarithm problems in 1994, which would destroy the security basis for most real deployed PKC systems if large-scale quantum computers become available. The rapid development of quantum technology in recent years suggests that we are getting closer to the quantum crisis of current PKC systems.

multidisciplinary sciences

Mao YE,Xue-xian HU,Wen-fen LIU

DOI: https://doi.org/10.3969/j.issn.1671-0673.2013.01.003

2013-01-01

Abstract:An approximate smooth projective hash(ASPH) function is an important primitive of the lattice-based cryptography,and it is used to construct password-based authenticated key exchange(PAKE) protocol which is resistant to quantum attacks by Katz et al.The available ASPH function based on the hardness of the standard lattice problem has a large key size and impractical implementations.Based on learning with error problem from ideal lattices(R-LWE),this paper designs a new public-key encryption scheme and an associated ASPH function that can apply to PAKE protocol,and gives a proof of its security.Compared with the existing system,the new system has a small key size,fast computing speed and high efficiency.

Jiehui Nan,Mengce Zheng,Zilong Wang,Honggang Hu

DOI: https://doi.org/10.1007/978-981-15-0818-9_17

2019-01-01

Abstract:In cyber security, authenticated key exchange (AKE) can be used to achieve the privacy and authentication of data. As a relevant cryptographic protocol, password-based authenticated key exchange (PAKE) has been studied for its convenience. Recently, Katz and Vaikuntanathan proposed a round-optimal PAKE from smooth projective hash functions (SPHFs). However, the instantiation of smooth projective hash functions depends on the underlying NP-relation which is a CCA-secure encryption relation in their construction. In this paper, we apply a new cryptographic primitive named witness PRFs to construct PAKE. In our settings, the concrete construction of witness PRFs is independent of the underlying NP-relation. At this point, our construction is more general, and furthermore, we have a discussion on some possible NP-relations, which could be used to construct secure PAKE in our settings.

Kübra Seyhan,Sedat Akleylek

DOI: https://doi.org/10.7717/peerj-cs.1791

2024-01-31

PeerJ Computer Science

Abstract:In this article, we propose a novel bilateral generalization inhomogenous short integer solution (BiGISIS)-based password-authenticated key exchange (PAKE) scheme for post-quantum era security. The hardness assumption of the constructed PAKE is based on newly proposed hard lattice problem, BiGISIS. The main aim of this article is to provide a solution for the post-quantum secure PAKE scheme, which is one of the open problems in the literature. The proposed PAKE is the first BiGISIS-based PAKE that satisfies anonymity and reusable key features. The bilateral-pasteurization (BiP) approach is used to obtain the reusable key, and anonymity is achieved thanks to the additional identity components and hash functions. The reusable key structure reduces the time in the key generation, and anonymity prevents illegal user login attempts. The security analysis is done by following the real-or-random (RoR) model assumptions. As a result of security examinations, perfect forward secrecy (PFS) and integrity are satisfied, and the resistance against eavesdropping, manipulation-based attack (MBA), hash function simulation, impersonation, signal leakage attack (SLA), man-in-the-middle (MitM), known-key security (KKS), and offline password dictionary attack (PDA) is captured. According to the comparison analysis, the proposed PAKE is the first SLA-resistant lattice-based PAKE with reusable key and anonymity properties.

computer science, information systems, artificial intelligence, theory & methods

Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

Yunxia Han,Chunxiang Xu,Shanshan Li,Changsong Jiang,Kefei Chen

DOI: https://doi.org/10.1016/j.jisa.2023.103658

IF: 4.96

2023-01-01

Journal of Information Security and Applications

Abstract:Error tolerant password-authenticated key exchange (PAKE) allows a user to authenticate to a server using a password and agree on a session key with the server, provided that the password for authentication and the registered one are “close enough”. Recently, an ingenious error tolerant PAKE scheme (faPAKE) for generalized passwords (e.g., fingerprints) emerged. In this paper, inspired by the mechanism of faPAKE, we propose a typo tolerance password-authenticated key exchange scheme, dubbed ttPAKE, for ordinary passwords. In ttPAKE, we introduce double-layered secret sharing (DLSS) that splits a main secret into shares and further splits the shares into sub-shares. DLSS can be considered homomorphic to typo tolerance of a password and would be an effective approach to achieve typo tolerance of the password without direct operations on the password for security requirements. A table is built to associate DLSS with typo tolerance of the password. The password is converted into position information for DLSS to store the sub-shares in the table. The table is scrambled with random numbers, and hence the information of the password is concealed. Using DLSS, our scheme implicitly determines whether typos in a password for authentication is no more than a threshold, which accomplishes typo tolerance while protecting passwords. We demonstrate that ttPAKE is secure under the Universal Composability model with security proofs. The performance evaluation shows that ttPAKE is efficient in terms of computation, communication, and storage costs.

Adam Groce,Jonathan Katz

DOI: https://doi.org/10.1145/1866307.1866365

2010-01-01

Abstract:Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. The challenge in designing such protocols is that they must be immune to off-line dictionary attacks in which an eavesdropping adversary exhaustively enumerates the dictionary of likely passwords in an attempt to match a password to the set of observed transcripts. To date, few general frameworks for constructing PAKE protocols in the standard model are known. Here, we abstract and generalize a protocol by Jiang and Gong to give a new methodology for realizing PAKE without random oracles, in the common reference string model. In addition to giving a new approach to the problem, the resulting construction off ers several advantages over prior work. We also describe an extension of our protocol that is secure within the universal composability (UC) framework and, when instantiated using El Gamal encryption, is more efficient than a previous protocol of Canetti et al.

Xiaoyan Yang,Han Jiang,Qiuliang Xu,Mengbo Hou,Xiaochao Wei,Minghao Zhao,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/trustcom.2016.0124

2016-01-01

Abstract:Anonymous password-based authenticated key exchange (APAKE) protocols are a topic of ongoing research interest. However, the security of existing APAKE protocols is generally provided in the random oracle model, and in these protocols, passwords are stored in cleartext on the server. However, proofs of security in the random oracle model do not necessarily imply security in the real world. Recent high profile incidents also indicate the real risk of a server being compromised and information stored on the server leaked. Verifier-based password-authenticated key exchange (VPAKE) protocols have been identified as a viable solution to overcome such limitations. In this paper, we propose a novel verifier-based anonymous password-authenticated key exchange (VAPAKE) protocol constructed using smooth projective hashing function. The proposed protocol only involves two-round interactions for mutual implicit authentication. We then prove the security of the protocol in the standard model.

Zilong Wang,Honggang Hu

DOI: https://doi.org/10.1007/978-981-13-3095-7_8

2018-01-01

Abstract:Lattice-based cryptographic primitives are believed to have the property against attacks by quantum computers. In this work, we present a KEA-style authenticated key exchange protocol based on the ring learning with errors problem whose security is proven in the BR model with weak perfect forward secrecy. With properties of KEA such as implicit key authentication and simplicity, our protocol also enjoys many properties of lattice-based cryptography, namely asymptotic efficiency, conceptual simplicity, worst-case hardness assumption, and resistance to attacks by quantum computers. Our lattice-based authenticated key exchange protocol is more efficient than the protocol of Zhang et al. (EUROCRYPT 2015) with more concise structure, smaller key size and lower bandwidth. Also, our protocol enjoys the advantage of optimal online efficiency and we improve our protocol with pre-computation.

Zhiguo Wan,Robert H. Deng,Feng Bao,Bart Preneel,Ming Gu

DOI: https://doi.org/10.1007/s11390-009-9207-6

2009-01-01

Abstract:Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a hierarchical group PAKE protocol nPAKE(+) protocol under the setting where each party shares an independent password with a trusted server. The nPAKE(+) protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE(+) enables every subgroup obtains their own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1016/j.ins.2011.07.015

IF: 8.1

2011-01-01

Information Sciences

Abstract:A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

You Lyu,Shengli Liu,Shuai Han,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-22969-5_8

2022-01-01

Abstract:Privacy-Preserving Authenticated Key Exchange (PPAKE) provides protection both for the session keys and the identity information of the involved parties. In this paper, we introduce the concept of robustness into PPAKE. Robustness enables each user to confirm whether itself is the target recipient of the first round message in the protocol. With the help of robustness, a PPAKE protocol can successfully avoid the heavy redundant communications and computations caused by the ambiguity of communicants in the existing PPAKE, especially in broadcast channels. We propose a generic construction of robust PPAKE from key encapsulation mechanism (KEM), digital signature (SIG), message authentication code (MAC), pseudo-random generator (PRG) and symmetric encryption (SE). By instantiatingKEM, MAC, PRG from theDDHassumption and SIG from the CDH assumption, we obtain a specific robust PPAKE scheme in the standard model, which enjoys forward security for session keys, explicit authentication and forward privacy for user identities. Thanks to the robustness of our PPAKE, the number of broadcast messages per run and the computational complexity per user are constant, and in particular, independent of the number of users in the system.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Wenting Li,Ping Wang,Kaitai Liang

DOI: https://doi.org/10.1109/tifs.2022.3214729

IF: 7.231

2023-03-01

IEEE Transactions on Information Forensics and Security

Abstract:Password-only authentication is one of the most popular secure mechanisms for real-world online applications. But it easily suffers from a practical threat - password leakage, incurred by external and internal attackers. The external attacker may compromise the password file stored on the authentication server, and the insider may deliberately steal the passwords or inadvertently leak the passwords. So far, there are two main techniques to address the leakage: Augmented password-authentication key exchange (aPAKE) against insiders and honeyword technique for external attackers. But none of them can resist both attacks. To fill the gap, we propose the notion of honey PAKE (HPAKE) that allows the authentication server to detect the password leakage and achieve the security beyond the traditional bound of aPAKE. Further, we build an HPAKE construction on the top of the honeyword mechanism, honey encryption, and OPAQUE which is a standardized aPAKE. We formally analyze the security of our design, achieving the insider resistance and the password breach detection. We implement our design and deploy it in the real environment. The experimental results show that our protocol only costs 71.27 ms for one complete run, within 20.67 ms on computation and 50.6 ms on communication. This means our design is secure and practical for real-world applications.

computer science, theory & methods,engineering, electrical & electronic

Ruoyu Ding,Chi Cheng,Yue Qin,Yue Qin Qin

DOI: https://doi.org/10.1109/jsyst.2022.3161264

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:To improve the security of mobile networks in the postquantum era, Dabra et al. recently proposed a lattice-based anonymous password-authenticated key exchange (LBA-PAKE) protocol for mobile devices. Especially, LBA-PAKE is claimed to support the key reuse. However, we find that LBA-PAKE is still vulnerable to the signal leakage attack when the master key is reused. We propose two strategies to reduce the needed number of queries in our attack. Compared to the method of Bindel et al., our method reduces the required queries by more than 75%. Our experiments show that breaking LBA-PAKE needs less than 2 min. Through analysis of why LBA-PAKE fails in their security proof, we further propose an improved protocol without incurring extra computation costs. The formal security analysis shows that our improved scheme supports all features of LBA-PAKE while thwarting the signal leakage attack. Moreover, the implementation of our improved protocol demonstrates its efficiency in mobile networks.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Huanhuan Lian,Yafang Yang,Yunlei Zhao

DOI: https://doi.org/10.1109/jiot.2022.3219524

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Password authenticated key exchange (PAKE) allows two parties with a shared password to establish a session key. In order to provide secure and private communication between devices in an Internet of Things (IoT) environment, the PAKE protocol is considered one of the most common and promising security methods. However, many existing PAKE proposals still face challenges in security and efficiency. First, both the terminals of participants may suffer from the compromise attack and precomputation attack, which will lead to the leakage of password. Second, the majority of the existing schemes cannot guarantee participants’ identity privacy. Third, most PAKE protocols are not suitable for IoT devices with limited computing capability because of a large number of exponential and pairing operations. To address these issues, we propose a strong symmetric PAKE protocol for IoT devices, which only requires 3 exponentiations per party. The proposed scheme can protect both parties from compromise and precomputation attacks, in which the password file relies on the identity and random salt. What’s more, our protocol guarantees the identity privacy, that is, the transmitted record and password file will not reveal the identity information. We further present a new security model for our protocol, and prove that the proposed scheme is secure under this model. Finally, we show the practicality of our PAKE via experiments and efficiency analysis.