Cryptology ePrint Archive: Report 2013/127

Oblivious PAKE: Efficient Handling of Password Trials

Franziskus Kiefer and Mark Manulis

Abstract: In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a set of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasise that no information about any password, input by the client, is made available to the server. Using special processing techniques, our O-PAKE compiler reaches nearly constant run time on the server side, independent of the size of the client’s password set. We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs. We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give two concrete O-PAKE instantiation.

Category / Keywords: cryptographic protocols / Password Based Authenticated Key Exchange

Publication Info: Not published yet

Date: received 1 Mar 2013, last revised 13 Jan 2015

Contact author: f kiefer at surrey ac uk

Available format(s): PDF | BibTeX Citation

Version: 20150113:082333 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]