VTBPEKE: Verifier-based Two-Basis Password Exponential Key Exchange

David Pointcheval 1, 2, Guilin Wang 3
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract: PAKE protocols, for Password-Authenticated Key Exchange, enable two parties to establish a shared cryptographically strong key over an insecure network using a short common secret as authentication means. After the seminal work by Bellovin and Merritt, with the famous EKE, for Encrypted Key Exchange, various settings and security notions have been defined, and many protocols have been proposed. In this paper, we revisit the promising SPEKE, for Simple Password Exponential Key Exchange, proposed by Jablon. The only known security analysis works in the random oracle model under the CDH assumption, but in the multiplicative groups of finite fields only (subgroups of $\mathbb{Z}_p^*$), which means the use of large elements and so huge communications and computations. Our new instantiation (TBPEKE, for Two-Basis Password Exponential Key Exchange) applies to any group, and our security analysis requires a DLin-like assumption to hold. In particular, one can use elliptic curves, which leads to a better efficiency, at both the communication and computation levels. We additionally consider server corruptions, which immediately leak all the passwords to the adversary with symmetric PAKE. We thus study an asymmetric variant, also known as VPAKE, for Verifier-based Password Authenticated Key Exchange. We then propose a verifier-based variant of TBPEKE, the so-called VTBPEKE, which is also quite efficient, and resistant to server-compromise.
Document type: Conference paper
ASIA CCS'17, Apr 2017, Abu Dhabi, United Arab Emirates. Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security, 2017, 〈10.1145/3052973.3053026〉

https://hal.inria.fr/hal-01471737
Contributor: David Pointcheval
Submitted on: Monday, February 20, 2017 - 11:42:36
Last modified on: Friday, May 25, 2018 - 12:02:05

Citation

David Pointcheval, Guilin Wang. VTBPEKE: Verifier-based Two-Basis Password Exponential Key Exchange. ASIA CCS'17, Apr 2017, Abu Dhabi, United Arab Emirates. Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security, 2017, 〈10.1145/3052973.3053026〉. 〈hal-01471737〉
