Paper 2016/520
Universally Composable Two-Server PAKE
Franziskus Kiefer and Mark Manulis
Abstract
Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols for which game-based and universally composable versions have been proposed. In contrast, universally composable PAKE protocols exist currently only in the single-server scenario and all proposed 2PAKE protocols use game-based security definitions. In this paper we propose the first construction of an universally composable 2PAKE protocol, alongside with its ideal functionality. The protocol is proven UC-secure in the standard model, assuming a common reference string which is a common assumption to many UC-secure PAKE and PASS protocols. The proposed protocol remains secure for arbitrary password distributions. As one of the building blocks we define and construct a new cryptographic primitive, called Trapdoor Distributed Smooth Projective Hash Function (TD-SPHF), which could be of independent interest.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. 19th Information Security Conference (ISC) 2016
- Keywords
- PAKEUniversal ComposabilitySmooth Projective Hashing
- Contact author(s)
- mark @ manulis eu
- History
- 2016-05-29: received
- Short URL
- https://ia.cr/2016/520
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2016/520,
author = {Franziskus Kiefer and Mark Manulis},
title = {Universally Composable Two-Server {PAKE}},
howpublished = {Cryptology {ePrint} Archive, Paper 2016/520},
year = {2016},
url = {https://eprint.iacr.org/2016/520}
}
