Paper 2020/1043
Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions
Abstract
Symmetric password-authenticated key exchange (sPAKE) can be seen as an extension of traditional key exchange where two parties agree on a shared key if and only if they share a common secret (possibly low-entropy) password. We present the first sPAKE protocol to simultaneously achieve the following properties:
- only two exponentiations per party, the same as plain unauthenticated Diffie-Hellman key agreement (and likely optimal);
- optimal round complexity: a single flow (one message from each party that can be sent in parallel) to achieve implicit authentication, or two flows to achieve explicit mutual authentication;
- security in the random oracle model, rather than ideal cipher or generic group model;
- UC security, rather than game-based.
Our protocol is a generalization of the seminal EKE protocol of Bellovin & Merritt (S&P 1992).
We also present a UC-secure 1-out-of-
Metadata
- Category: Cryptographic protocols
- Publication info: Published elsewhere. Minor revision. ACM CCS 2020
- DOI: 10.1145/3372297.3417870
- Keywords: password-authenticated key exchange, oblivious transfer
- Contact author(s): rosulekm @ eecs oregonstate edu, ldr709 @ gmail com
- History:
  - 2025-02-20: revised
  - 2020-08-28: received
- Short URL: https://ia.cr/2020/1043
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/1043,
  author = {Ian McQuoid and Mike Rosulek and Lawrence Roy},
  title = {Minimal Symmetric {PAKE} and 1-out-of-N {OT} from Programmable-Once Public Functions},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/1043},
  year = {2020},
  doi = {10.1145/3372297.3417870},
  url = {https://eprint.iacr.org/2020/1043}
}