Partly to address this problem, symmetric and asymmetric PAKE protocols were developed to ensure that the messages exchanged during an authentication protocol reveal nothing about the passwords. However, these protocols inherently require at least two messages to be sent out: one from each party. This limitation hinders wider adoption, as the most common login flow consists of a single message from client to the login server. The ideal solution would retain the password privacy properties of asymmetric PAKEs while allowing the protocol to be a drop-in replacement into legacy password-over-TLS deployments.
With these requirements in mind, we introduce the notion of credential-hiding login, which enables a client to authenticate itself by sending a single message to the server, while ensuring the correct verification of credentials and maintaining credential privacy in the same strong sense as guaranteed by asymmetric PAKEs. We initiate a formal study of this primitive in the Universal Composability framework, design and implement a practical password-based protocol using identity-based encryption, and report on its performance. We also construct a variant of credential-hiding login for fuzzy secrets (e.g. biometrics), proven secure based on the Learning With Errors (LWE) assumption.
Category / Keywords: Password authentication, PAKE Date: received 1 Dec 2020 Contact author: lewi kevin k at gmail com,payman mohassel@gmail com,arnabr@gmail com Available format(s): PDF | BibTeX Citation Version: 20201202:100733 (All versions of this report) Short URL: ia.cr/2020/1509