Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, Epiciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

Security of the J-PAKE Password-Authenticated Key Exchange Protocol

Abstract : J-PAKE is an efficient password-authenticated key exchange protocol that is included in the OpenSSL library and is currently being used in practice. We present the first proof of security for this protocol in a well-known and accepted model for authenticated key-exchange, that incorporates online and offline password guessing, concurrent sessions, forward secrecy, server compromise, and loss of session keys. This proof relies on the Decision Square Diffie-Hellman assumption, as well as a strong security assumption for the non-interactive zero-knowledge (NIZK) proofs in the protocol (specifically, simulation-sound extractability). We show that the Schnorr proof-of-knowledge protocol, which was recommended for the J-PAKE protocol, satisfies this strong security assumption in a model with algebraic adversaries and random oracles, and extend the full J-PAKE proof of security to this model. Finally, we show that by modifying the recommended labels in the Schnorr protocol used in J-PAKE, we can achieve a security proof for J-PAKE with a tighter security reduction.
Document type :
Conference papers
Complete list of metadata
Contributor : Michel Abdalla Connect in order to contact the contributor
Submitted on : Monday, July 13, 2015 - 12:11:38 AM
Last modification on : Thursday, March 17, 2022 - 10:08:37 AM

Links full text




Michel Abdalla, Fabrice Benhamouda, Philip Mackenzie. Security of the J-PAKE Password-Authenticated Key Exchange Protocol. 2015 IEEE Symposium on Security and Privacy, May 2015, San Jose, United States. pp.571-587, ⟨10.1109/SP.2015.41⟩. ⟨hal-01175785⟩



Record views