Paper 2017/470

On the Relation Between SIM and IND-RoR Security Models for PAKEs

José Becerra, Vincenzo Iovino, Dimiter Ostrev, and Marjan Skrobot

Abstract

Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary. Security models for PAKE protocols aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. They are usually classified into i) indistinguishability-based (IND-based) or ii) simulation-based (SIM-based). The relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security.

Note: Accepted for publication in SECRYPT 2017

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. SECRYPT 2017
Keywords
Security Models, SIM-based Security, IND-based Security, Password Authenticated Key Exchange
Contact author(s)
jose becerra @ uni lu
History
2017-05-28: received
Short URL
https://ia.cr/2017/470
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/470,
      author = {José Becerra and Vincenzo Iovino and Dimiter Ostrev and Marjan Skrobot},
      title = {On the Relation Between SIM and IND-RoR Security Models for PAKEs},
      howpublished = {Cryptology ePrint Archive, Paper 2017/470},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/470}},
      url = {https://eprint.iacr.org/2017/470}
}