You are looking at a specific version 20170930:132934 of this paper. See the latest version.

Paper 2017/961

An Offline Dictionary Attack against zkPAKE Protocol

José Becerra and Petra Sala and Marjan Škrobot

Abstract

Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent offline dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to offline password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a key exchange mechanism.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
PAKE
Contact author(s)
marjan skrobot @ uni lu
History
2019-04-15: revised
2017-09-30: received
See all versions
Short URL
https://ia.cr/2017/961
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.