eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2015/945

Secure Set-based Policy Checking and Its Application to Password Registration

Changyu Dong and Franziskus Kiefer


Policies are the corner stones of today's computer systems. They define secure states and safe operations. A common problem with policies is that their enforcement is often in conflict with user privacy. In order to check the satisfiability of a policy, a server usually needs to collect from a client some information which may be private. In this work we introduce the notion of secure set-based policy checking (SPC) that allows the server to verify policies while preserving the client's privacy. SPC is a generic protocol that can be applied in many policy-based systems. As an example, we show how to use SPC to build a password registration protocol so that a server can check whether a client's password is compliant with its password policy without seeing the password. We also analyse SPC and the password registration protocol and provide security proofs. To demonstrate the practicality of the proposed primitives, we report performance evaluation results based on a prototype implementation of the password registration protocol.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 14th International Conference on Cryptology and Network Security (CANS 2015)
policiesprivate set operationspasswords
Contact author(s)
f kiefer @ surrey ac uk
2015-09-28: received
Short URL
Creative Commons Attribution


      author = {Changyu Dong and Franziskus Kiefer},
      title = {Secure Set-based Policy Checking and Its Application to Password Registration},
      howpublished = {Cryptology ePrint Archive, Paper 2015/945},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/945}},
      url = {https://eprint.iacr.org/2015/945}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.