Paper 2016/345

Provably Secure Password Reset Protocol: Model, Definition, and Generic Construction

Satsuya Ohata, Takahiro Matsuda, and Kanta Matsuura

Abstract

Many online services adopt a password-based user authentication system because of its usability. However, several problems with it have been pointed out, and one of the well-known problems is that a user forgets his/her password and cannot log in to the services. To solve this problem, most online services support a mechanism with which a user can reset a password. In this paper, we consider a provable security treatment for a password reset protocol. We formalize a model and security definitions, and propose a generic construction based on a pseudorandom function and public key encryption. In addition, we implement a prototype of our protocol to evaluate its efficiency.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Password Reset Protocol, Provable Security
Contact author(s)
satsuya @ iis u-tokyo ac jp
History
2016-04-01: received
Short URL
https://ia.cr/2016/345
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/345,
      author = {Satsuya Ohata and Takahiro Matsuda and Kanta Matsuura},
      title = {Provably Secure Password Reset Protocol: Model, Definition, and Generic Construction},
      howpublished = {Cryptology ePrint Archive, Paper 2016/345},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/345}},
      url = {https://eprint.iacr.org/2016/345}
}