Skip to Main content Skip to Navigation
Conference papers

Security of the J-PAKE Password-Authenticated Key Exchange Protocol

Abstract : J-PAKE is an efficient password-authenticated key exchange protocol that is included in the OpenSSL library and is currently being used in practice. We present the first proof of security for this protocol in a well-known and accepted model for authenticated key-exchange, that incorporates online and offline password guessing, concurrent sessions, forward secrecy, server compromise, and loss of session keys. This proof relies on the Decision Square Diffie-Hellman assumption, as well as a strong security assumption for the non-interactive zero-knowledge (NIZK) proofs in the protocol (specifically, simulation-sound extractability). We show that the Schnorr proof-of-knowledge protocol, which was recommended for the J-PAKE protocol, satisfies this strong security assumption in a model with algebraic adversaries and random oracles, and extend the full J-PAKE proof of security to this model. Finally, we show that by modifying the recommended labels in the Schnorr protocol used in J-PAKE, we can achieve a security proof for J-PAKE with a tighter security reduction.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-01175785
Contributor : Michel Abdalla <>
Submitted on : Monday, July 13, 2015 - 12:11:38 AM
Last modification on : Tuesday, May 4, 2021 - 2:06:02 PM

Links full text

Identifiers

Collections

Citation

Michel Abdalla, Fabrice Benhamouda, Philip Mackenzie. Security of the J-PAKE Password-Authenticated Key Exchange Protocol. 2015 IEEE Symposium on Security and Privacy, May 2015, San Jose, United States. pp.571-587, ⟨10.1109/SP.2015.41⟩. ⟨hal-01175785⟩

Share

Metrics

Record views

313