Cryptology ePrint Archive: Report 2013/127
Oblivious PAKE: Efficient Handling of Password Trials
Franziskus Kiefer and Mark Manulis
Abstract: In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a general compiler to transform a large class of PAKE into O-PAKE protocols.
O-PAKE allows a client that shares one password with a server to use a set of passwords within one PAKE session.
It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasize that no information about any password, input by the client, is made available to the server.
Using special processing techniques, our O-PAKE compiler reaches nearly constant runtime on the server side, independent of the size of the client's password set.
We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs.
We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give a concrete O-PAKE instantiation.
The compiled protocol is implemented and its performance analysis attests to the practicality of the compiler.
Furthermore, we implement a browser plugin demonstrating how to use O-PAKE in practice.
Category / Keywords: cryptographic protocols / Password Based Authenticated Key Exchange
Publication Info: Not published yet
Date: received 1 Mar 2013, last revised 1 Oct 2013
Contact author: f kiefer at surrey ac uk
Available format(s): PDF | BibTeX Citation
Version: 20131001:190900 (All versions of this report)
Short URL: ia.cr/2013/127
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]