Security of the J-PAKE Password-Authenticated Key Exchange Protocol

Abstract : J-PAKE is an efficient password-authenticated key exchange protocol that is included in the OpenSSL library and is currently being used in practice. We present the first proof of security for this protocol in a well-known and accepted model for authenticated key-exchange, that incorporates online and offline password guessing, concurrent sessions, forward secrecy, server compromise, and loss of session keys. This proof relies on the Decision Square Diffie-Hellman assumption, as well as a strong security assumption for the non-interactive zero-knowledge (NIZK) proofs in the protocol (specifically, simulation-sound extractability). We show that the Schnorr proof-of-knowledge protocol, which was recommended for the J-PAKE protocol, satisfies this strong security assumption in a model with algebraic adversaries and random oracles, and extend the full J-PAKE proof of security to this model. Finally, we show that by modifying the recommended labels in the Schnorr protocol used in J-PAKE, we can achieve a security proof for J-PAKE with a tighter security reduction.
Type de document :
Communication dans un congrès
2015 IEEE Symposium on Security and Privacy, May 2015, San Jose, United States. IEEE Computer Society, pp.571-587, 2015, 〈10.1109/SP.2015.41〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01175785
Contributeur : Michel Abdalla <>
Soumis le : lundi 13 juillet 2015 - 00:11:38
Dernière modification le : vendredi 25 mai 2018 - 12:02:05

Lien texte intégral

Identifiants

Collections

Citation

Michel Abdalla, Fabrice Benhamouda, Philip Mackenzie. Security of the J-PAKE Password-Authenticated Key Exchange Protocol. 2015 IEEE Symposium on Security and Privacy, May 2015, San Jose, United States. IEEE Computer Society, pp.571-587, 2015, 〈10.1109/SP.2015.41〉. 〈hal-01175785〉

Partager

Métriques

Consultations de la notice

204