Cryptology ePrint Archive: Report 2020/1544

PAS-TA-U: PASsword-based Threshold Authentication with PASsword Update

Rachit Rawat and Mahabir Prasad Jhanwar

Abstract: A single-sign-on (SSO) is an authentication system that allows a user to log in with a single identity and password to any of several related, yet independent, server applications. SSO solutions eliminate the need for users to repeatedly prove their identities to different applications and hold different credentials for each application. Token-based authentication is commonly used to enable an SSO experience on the web, and on enterprise networks. A large body of work considers distributed token generation which can protect the long-term keys against a subset of breached servers. A recent work (CCS'18) introduced the notion of Password-based Threshold Authentication (PbTA) with the goal of making password-based token generation for SSO secure against server breaches that could compromise both long-term keys and user credentials. They also introduced a generic framework called PASTA that can instantiate a PbTA system.

The existing SSO systems built on distributed token generation techniques, including the PASTA framework, do not admit password-update functionality. In this work, we address this issue by proposing a password-update functionality into the PASTA framework. We call the modified framework PAS-TA-U.

As a concrete application, we instantiate PAS-TA-U to implement in Python a distributed SSH key manager for enterprise networks (ESKM) that also admits a password-update functionality for its clients. Our experiments show that the overhead of protecting secrets and credentials against breaches in our system compared to a traditional single server setup is low (average 119 ms in a 10-out-of-10 server setting on Internet with 80 ms round trip latency).

Category / Keywords: cryptographic protocols / Password-based Authentication, Threshold Cryptography

Original Publication (with minor differences): SPACE 2020: Tenth International Conference on Security, Privacy and Applied Cryptographic Engineering

Date: received 10 Dec 2020

Contact author: mahavir jhawar at ashoka edu in

Available format(s): PDF | BibTeX Citation

Version: 20201213:163946 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]