Cryptology ePrint Archive: Report 2019/199

Password-Authenticated Public-Key Encryption

Tatiana Bradley and Jan Camenisch and Stanislaw Jarecki and Anja Lehmann and Gregory Neven and Jiayu Xu

Abstract: We introduce password-authenticated public-key encryption (PAPKE), a new cryptographic primitive. PAPKE enables secure end-to-end encryption between two entities without relying on a trusted third party or other out-of-band mechanisms for authentication. Instead, resistance to man-in-the-middle attacks is ensured in a human-friendly way by authenticating the public key with a shared password, while preventing offline dictionary attacks given the authenticated public key and/or the ciphertexts produced using this key.

Our contributions are three-fold. First, we provide property-based and universally composable (UC) definitions for PAPKE, with the resulting primitive combining CCA security of public-key encryption (PKE) with password authentication. Second, we show that PAPKE implies Password-Authenticated Key Exchange (PAKE), but the reverse implication does not hold, indicating that PAPKE is a strictly stronger primitive than PAKE. Indeed, PAPKE implies a two-flow PAKE which remains secure if either party re-uses its state in multiple sessions, e.g. due to communication errors, thus strengthening existing notions of PAKE security. Third, we show two highly practical UC PAPKE schemes: a generic construction built from CCA-secure and anonymous PKE and an ideal cipher, and a direct construction based on the Decisional Diffie-Hellman assumption in the random oracle model.

Finally, applying our PAPKE-to-PAKE compiler to the above PAPKE schemes, we exhibit the first 2-round UC PAKEs with efficiency comparable to (unauthenticated) Diffie-Hellman key exchange.

Category / Keywords: public-key cryptography / Password Authenticated Key Exchange, Universal Composability, Public Key Encryption, Authentication

Date: received 21 Feb 2019, last revised 5 Mar 2019

Contact author: stanislawjarecki at gmail com, tebradle@uci edu, jiayux@uci edu, anj@zurich ibm com, gregory@dfinity org, jan@dfinity org

Version: 20190305:130734

Short URL: ia.cr/2019/199
