Cryptology ePrint Archive: Report 2016/442
Blind Password Registration for Verifier-based PAKE
Franziskus Kiefer and Mark Manulis
Abstract: We propose Blind Password Registration (BPR), a new class of cryptographic protocols that is instrumental for secure registration of client passwords at remote servers with additional protection against unwitting password disclosures on the server side that may occur due to the lack of the state-of-the-art password protection mechanisms implemented by the server or due to common server-compromise attacks. The dictionary attack resistance property of BPR protocols guarantees that the only information available to the server during and after the execution of the protocol cannot be used to reveal the client password without performing an offline dictionary attack on a password verifier (e.g. salted hash value) that is stored by the server at the end of the protocol. In particular, at no point in time the server is supposed to work with plain passwords. Our BPR model allows servers to enforce password policies and the requirement on the client to obey them during the execution of the BPR protocol is covered by the policy compliance property.
We construct an efficient BPR protocol in the standard model for ASCII-based password policies using some techniques underlying the recently introduced Zero-Knowledge Password Policy Checks (ZKPPC). However, we do not rely on the full power of costly ZKPPC proofs and in fact show that BPR protocols can be modelled and realised simpler and significantly faster (as supported by our implementation) without using them as a building block. Our BPR protocol can directly be used to replace ZKPPC-based registration procedure for existing VPAKE protocols.
Category / Keywords: cryptographic protocols / blind password registration, verifier-based PAKE
Original Publication (with major differences): Full version of the paper published at ACM ASIAPKC 2016
Date: received 4 May 2016
Contact author: mark at manulis eu
Available format(s): PDF | BibTeX Citation
Version: 20160506:075512 (All versions of this report)
Short URL: ia.cr/2016/442
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]