Paper 2015/1101

Virtual Smart Cards: How to Sign with a Password and a Server

Jan Camenisch, Anja Lehmann, Gregory Neven, and Kai Samelin

Abstract

An important shortcoming of client-side cryptography on consumer devices is the poor protection of secret keys. Encrypting the keys under a human-memorizable password hardly offers any protection when the device is stolen. Trusted hardware tokens such as smart cards can provide strong protection of keys but are cumbersome to use. We consider the case where secret keys are used for digital signatures and propose a password-authenticated server-aided signature Pass2Sign protocol, where signatures are collaboratively generated by a device and a server, while the user authenticates to the server with a (low-entropy) password. Neither the server nor the device stores enough information to create a signature by itself or to perform an offline attack on the password. The signed message remains hidden from the server. We argue that our protocol offers comparable security to trusted hardware, but without its inconveniences. We prove it secure in the universal composability (UC) framework in a very strong adaptive corruption model where, unlike standard UC, the adversary does not obtain past inputs and outputs upon corrupting a party. This is crucial to hide previously entered passwords and messages from the adversary when the device gets corrupted. The protocol itself is surprisingly simple: it is round-optimal, efficient, and relies exclusively on standard primitives such as hash functions and RSA. The security proof involves a novel random-oracle programming technique that may be of independent interest.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Contact author(s)
anj @ zurich ibm com
History
2015-11-14: received
Short URL
https://ia.cr/2015/1101
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1101,
      author = {Jan Camenisch and Anja Lehmann and Gregory Neven and Kai Samelin},
      title = {Virtual Smart Cards: How to Sign with a Password and a Server},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1101},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1101}},
      url = {https://eprint.iacr.org/2015/1101}
}