Paper 2017/838

Two-Round PAKE from Approximate SPH and Instantiations from Lattices

Jiang Zhang and Yu Yu


Password-based authenticated key exchange (PAKE) enables two users with shared low-entropy passwords to establish cryptographically strong session keys over insecure networks. At Asiacrypt 2009, Katz and Vaikuntanathan showed a generic three-round PAKE based on any CCA-secure PKE with associated approximate smooth projective hashing (ASPH), which helps to obtain the first PAKE from lattices. In this paper, we give a framework for constructing PAKE from CCA-secure PKE with associated ASPH, which uses only two-round messages by carefully exploiting a splittable property of the underlying PKE and its associated non-adaptive ASPH. We also give a splittable PKE with associated non-adaptive ASPH based on the LWE assumption, which finally allows to instantiate our two-round PAKE framework from lattices.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2017
Contact author(s)
jiangzhang09 @ gmail com
2017-09-01: received
Short URL
Creative Commons Attribution


      author = {Jiang Zhang and Yu Yu},
      title = {Two-Round PAKE from Approximate SPH and Instantiations from Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2017/838},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.