Paper 2020/529
CHIP and CRISP: Compromise Resilient Identity-based Symmetric PAKEs
Moni Naor and Shahar Paz and Eyal Ronen
Abstract
Password Authenticated Key Exchange (PAKE) protocols allow parties to establish a shared key based only on the knowledge of a low entropy password. In this work, we propose a novel notion called "Identity-based PAKE" (iPAKE), providing resilience against compromise of one or more parties. iPAKE protocols protect all parties in the symmetric setting, whereas in Asymmetric PAKE (aPAKE) only one party (a server) is protected w.r.t. compromise. Binding each party to its identity prevents impersonation between devices with different roles and allows the revocation of compromised parties. We achieve this by using ideas from Identity-Based Key-Agreement (IB-KA) while using only a low entropy password, without requiring a trusted center. We further strengthen the notion by introducing "Strong iPAKE" (siPAKE) that is additionally immune to pre-computation (analogous to "Strong aPAKE" (saPAKE) strengthening of aPAKE). To mount an (inevitable) offline dictionary attack, an adversary must first compromise a device and only then start an exhaustive search over the entire password dictionary. Rather than storing its password in the clear, each party derives a password file using its identity and a secret random salt ("salted hash"). The challenge is that although the random salts are independently selected, any pair of parties should be able to establish a cryptographically secure shared key from these files. We formalize the iPAKE and siPAKE notions in the Universally Composable (UC) framework. We propose CHIP: a compiler from PAKE to iPAKE using IB-KA and prove its UC-security in the Random Oracle Model (ROM). We then present CRISP: a construction of siPAKE from any PAKE using bilinear groups with "Hash2Curve". We prove CRISP's UC-security in the Generic Group Model (GGM) and show that each offline password guess requires at least one pairing operation.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- Password authentication, Identity based key exchange, PAKE
- Contact author(s)
- eyal ronen @ cs tau ac il
- History
- 2022-08-17: last of 4 revisions
- 2020-05-06: received
- Short URL
- https://ia.cr/2020/529
- License
- CC BY