Cryptology ePrint Archive: Report 2020/320

Universally Composable Relaxed Password Authenticated Key Exchange

Michel Abdalla and Manuel Barbosa and Tatiana Bradley and Stanislaw Jarecki and Jonathan Katz and Jiayu Xu

Abstract: Protocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographically strong key. We revisit the notion of PAKE in the framework of universal composability, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Roughly, our relaxation allows the ideal-world adversary to postpone its password guess even until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a "game-based" definition can in fact be shown to realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known.

Category / Keywords: cryptographic protocols / Password authentication, key exchange, universal composability, PAKE

Date: received 15 Mar 2020

Contact author: michel abdalla at ens fr, mbb at fc up pt, tebradle at uci edu, sjarecki at uci edu, jkatz2 at gmail com, jiayux at umd edu

Available format(s): PDF | BibTeX Citation

Version: 20200315:162956 (All versions of this report)

Short URL: ia.cr/2020/320