Paper 2020/320

Universally Composable Relaxed Password Authenticated Key Exchange

Michel Abdalla, Manuel Barbosa, Tatiana Bradley, Stanislaw Jarecki, Jonathan Katz, and Jiayu Xu


Protocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographically strong key. We revisit the notion of PAKE in the framework of universal composability, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Roughly, our relaxation allows the ideal-world adversary to postpone its password guess even until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a "game-based" definition can in fact be shown to realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Password authenticationkey exchangeuniversal composabilityPAKE
Contact author(s)
michel abdalla @ ens fr
mbb @ fc up pt
tebradle @ uci edu
sjarecki @ uci edu
jkatz2 @ gmail com
jiayux @ umd edu
2020-03-15: received
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Manuel Barbosa and Tatiana Bradley and Stanislaw Jarecki and Jonathan Katz and Jiayu Xu},
      title = {Universally Composable Relaxed Password Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2020/320},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.