Cryptology ePrint Archive: Report 2013/127

Oblivious PAKE: Efficient Handling of Password Trials

Franziskus Kiefer and Mark Manulis

Abstract: In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a general compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a set of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasize that no information about any password, input by the client, is made available to the server. Using special processing techniques, our O-PAKE compiler reaches nearly constant runtime on the server side, independent of the size of the client's password set. We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs. We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give a concrete O-PAKE instantiation. The compiled protocol is implemented and its performance analysis attests to the practicality of the compiler. Furthermore, we implement a browser plugin demonstrating how to use O-PAKE in practice.

Category / Keywords: cryptographic protocols / Password Based Authenticated Key Exchange

Publication Info: Not published yet

Date: received 1 Mar 2013, last revised 1 Oct 2013

Contact author: f kiefer at surrey ac uk

Available format(s): PDF | BibTeX Citation

Version: 20131001:190900 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]