To address these needs, we introduce the notions of credential-authenticated identification (CAID) and key exchange (CAKE), where the compatibility of the parties' credentials is the criterion for authentication, rather than the parties' identities relative to some PKI. We formalize CAID and CAKE in the universal composability (UC) framework, with natural ideal functionalities, and we give practical, modularly designed protocol realizations. We prove all our protocols UC-secure in the adaptive corruption model with erasures, assuming a common reference string (CRS). The proofs are based on standard cryptographic assumptions and do not rely on random oracles.
CAKE includes password-authenticated key exchange (PAKE) as a special case, and we present two new PAKE protocols. The first one is interesting in that it uses completely different techniques than known practical PAKE protocols, and also achieves UC-security in the adaptive corruption model with erasures; the second one is the first practical PAKE protocol that provides a meaningful form of resilience against server compromise without relying on random oracles.
Category / Keywords: cryptographic protocols / key exchange, authentication, anonymous credentials, PAKE
Date: received 2 Feb 2010, last revised 25 May 2010
Contact author: shoup at cs nyu edu
Version: 20100525:162928
Short URL: ia.cr/2010/055