Skip to Main content Skip to Navigation
Reports

Perfect Forward Security of SPAKE2

Abstract : SPAKE2 is a balanced password-authenticated key exchange (PAKE) protocol, proposed by Abdalla and Pointcheval at CTRSA 2005. Due to its simplicity and efficiency, SPAKE2 is one of the balanced PAKE candidates currently under consideration for standardization by the CFRG, together with SPEKE, CPace, and J-PAKE. In this paper, we show that SPAKE2 achieves perfect forward security in the random-oracle model under the Gap Diffie-Hellman assumption. Unlike prior results, which either did not consider forward security or only proved a weak form of it, our results guarantee the security of the derived keys even for sessions that were created with the active involvement of the attacker, as long as the parties involved in the protocol are not corrupted when these sessions take place. Finally, our proofs also demonstrate that SPAKE2 is flexible with respect to the generation of its global parameters M and N. This includes the cases where M is a uniform group element and M=N or the case where M and N are chosen as the output of a random oracle.
Document type :
Reports
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download

https://hal.inria.fr/hal-02317002
Contributor : Michel Abdalla <>
Submitted on : Friday, November 13, 2020 - 12:36:50 PM
Last modification on : Thursday, July 1, 2021 - 5:58:08 PM
Long-term archiving on: : Sunday, February 14, 2021 - 6:48:10 PM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02317002, version 1

Collections

Citation

Michel Abdalla, Manuel Barbosa. Perfect Forward Security of SPAKE2. [Research Report] Report 2019/1194, IACR Cryptology ePrint Archive. 2019. ⟨hal-02317002⟩

Share

Metrics

Record views

115

Files downloads

131