You are looking at a specific version 20200712:185515 of this paper.

Paper 2020/529

CRISP: Compromise Resilient Identity-based Symmetric PAKE

Moni Naor and Shahar Paz and Eyal Ronen

Abstract

Password Authenticated Key Exchange (PAKE) protocols allow parties to establish a shared key based only on the knowledge of a password, without leaking any information about it. In this work, we propose a novel notion called "Identity-based PAKE" (iPAKE) that is resilient to the compromise of one or more parties. iPAKE protocols protect all parties in a symmetric setting, whereas in Asymmetric PAKE (aPAKE) only one party (a server) is protected. Binding each party to its identity prevents impersonation between devices with different roles and allows the revocation of compromised parties. We further strengthen the notion by introducing "Strong iPAKE" (siPAKE), similar to "Strong aPAKE" (saPAKE), which is additionally immune to pre-computation. To mount an (inevitable) offline dictionary attack, an adversary must first compromise a device and only then start an exhaustive search over the entire password dictionary. Rather than storing its password in the clear, each party derives a password file using its identity and a secret random salt ("salted hash"). Although the random salts are independently selected, any pair of parties is able to establish a cryptographically secure shared key from these files. We formalize iPAKE and siPAKE notions in the Universally Composable (UC) framework. We propose a compiler from PAKE to iPAKE using Identity-Based Key-Agreement and prove its UC-security in the Random Oracle Model (ROM). We then present CRISP: a construction of siPAKE from any PAKE using bilinear groups with "Hash2Curve". We prove CRISP's UC-security in the Generic Group Model (GGM) and show that each offline password guess requires at least one pairing operation.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Password authentication, Identity based key exchange, PAKE
Contact author(s)
eyal ronen @ cs tau ac il
History
2022-08-17: last of 4 revisions
2020-05-06: received
Short URL
https://ia.cr/2020/529
License
Creative Commons Attribution
CC BY