On the Relation Between SIM and IND-RoR Security Models for PAKEs

José Becerra and Vincenzo Iovino and Dimiter Ostrev and Marjan Skrobot

Abstract: Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary. Security models for PAKE protocols aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. They are usually classified into i) indistinguishability-based (IND-based) or ii) simulation-based (SIM-based). The relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security.

Category / Keywords: cryptographic protocols / Security Models, SIM-based Security, IND-based Security, Password Authenticated Key Exchange

Original Publication (in the same form): SECRYPT 2017

Date: received 26 May 2017

Contact author: jose becerra at uni lu

Note: Accepted for publication in SECRYPT 2017

Version: 20170528:185526

