Cryptology ePrint Archive: Report 2016/345

Provably Secure Password Reset Protocol: Model, Definition, and Generic Construction

Satsuya Ohata and Takahiro Matsuda and Kanta Matsuura

Abstract: Many online services adopt a password-based user authentication system because of its usability. However, several problems have been pointed out on it, and one of the well-known problems is that a user forgets his/her password and cannot login the services. To solve this problem, most online services support a mechanism with which a user can reset a password. In this paper, we consider a provable security treatment for a password reset protocol. We formalize a model and security definitions, propose a generic construction based on a pseudorandom function and public key encryption. In addition, we implement a prototype of our protocol to evaluate its efficiency.

Category / Keywords: cryptographic protocols / Password Reset Protocol, Provable Security

Date: received 31 Mar 2016

Contact author: satsuya at iis u-tokyo ac jp

Available format(s): PDF | BibTeX Citation

Version: 20160401:170648 (All versions of this report)

Short URL: ia.cr/2016/345

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]