Cryptology ePrint Archive: Report 2016/520

Universally Composable Two-Server PAKE

Franziskus Kiefer and Mark Manulis

Abstract: Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols for which game-based and universally composable versions have been proposed. In contrast, universally composable PAKE protocols exist currently only in the single-server scenario and all proposed 2PAKE protocols use game-based security definitions.

In this paper we propose the first construction of an universally composable 2PAKE protocol, alongside with its ideal functionality. The protocol is proven UC-secure in the standard model, assuming a common reference string which is a common assumption to many UC-secure PAKE and PASS protocols. The proposed protocol remains secure for arbitrary password distributions. As one of the building blocks we define and construct a new cryptographic primitive, called Trapdoor Distributed Smooth Projective Hash Function (TD-SPHF), which could be of independent interest.

Category / Keywords: cryptographic protocols / PAKE, Universal Composability, Smooth Projective Hashing

Original Publication (with major differences): 19th Information Security Conference (ISC) 2016

Date: received 26 May 2016

Contact author: mark at manulis eu

Available format(s): PDF | BibTeX Citation

Version: 20160529:210411 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]