Paper 2013/127

Oblivious PAKE: Efficient Handling of Password Trials

Franziskus Kiefer and Mark Manulis


In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a set of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasise that no information about any password, input by the client, is made available to the server. Using special processing techniques, our O-PAKE compiler reaches nearly constant run time on the server side, independent of the size of the client’s password set. We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs. We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give two concrete O-PAKE instantiation.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Not published yet
Password Based Authenticated Key Exchange
Contact author(s)
f kiefer @ surrey ac uk
2015-06-04: last of 4 revisions
2013-03-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Franziskus Kiefer and Mark Manulis},
      title = {Oblivious {PAKE}: Efficient Handling of Password Trials},
      howpublished = {Cryptology ePrint Archive, Paper 2013/127},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.