Paper 2019/199

Password-Authenticated Public-Key Encryption

Tatiana Bradley, Jan Camenisch, Stanislaw Jarecki, Anja Lehmann, Gregory Neven, and Jiayu Xu


We introduce password-authenticated public-key encryption (PAPKE), a new cryptographic primitive. PAPKE enables secure end-to-end encryption between two entities without relying on a trusted third party or other out-of-band mechanisms for authentication. Instead, resistance to man-in-the-middle attacks is ensured in a human-friendly way by authenticating the public key with a shared password, while preventing offline dictionary attacks given the authenticated public key and/or the ciphertexts produced using this key. Our contributions are three-fold. First, we provide property-based and universally composable (UC) definitions for PAPKE, with the resulting primitive combining CCA security of public-key encryption (PKE) with password authentication. Second, we show that PAPKE implies Password-Authenticated Key Exchange (PAKE), but the reverse implication does not hold, indicating that PAPKE is a strictly stronger primitive than PAKE. Indeed, PAPKE implies a two-flow PAKE which remains secure if either party re-uses its state in multiple sessions, e.g. due to communication errors, thus strengthening existing notions of PAKE security. Third, we show two highly practical UC PAPKE schemes: a generic construction built from CCA-secure and anonymous PKE and an ideal cipher, and a direct construction based on the Decisional Diffie-Hellman assumption in the random oracle model. Finally, applying our PAPKE-to-PAKE compiler to the above PAPKE schemes we exhibit the first 2-round UC PAKE's with efficiency comparable to (unauthenticated) Diffie-Hellman Key Exchange.

Available format(s)
Public-key cryptography
Publication info
Preprint. Minor revision.
Password Authenticated Key ExchangeUniversal ComposabilityPublic Key EncryptionAuthentication
Contact author(s)
stanislawjarecki @ gmail com
tebradle @ uci edu
jiayux @ uci edu
anj @ zurich ibm com
gregory @ dfinity org
jan @ dfinity org
2019-03-05: last of 2 revisions
2019-02-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tatiana Bradley and Jan Camenisch and Stanislaw Jarecki and Anja Lehmann and Gregory Neven and Jiayu Xu},
      title = {Password-Authenticated Public-Key Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2019/199},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.