Paper 2020/987

Fuzzy Asymmetric Password-Authenticated Key Exchange

Andreas Erwig, Julia Hesse, Maximilian Orlt, and Siavash Riahi


Password-Authenticated Key Exchange (PAKE) lets users with passwords exchange a cryptographic key. There have been two variants of PAKE which make it more applicable to real-world scenarios: - Asymmetric PAKE (aPAKE), which aims at protecting a client's password even if the authentication server is untrusted, and - Fuzzy PAKE (fPAKE), which enables key agreement even if passwords of users are noisy, but ``close enough''. Supporting fuzzy password matches eases the use of higher entropy passwords and enables using biometrics and environmental readings (both of which are naturally noisy). Until now, both variants of PAKE have been considered only in separation. In this paper, we consider both of them simultaneously. We introduce the notion of Fuzzy Asymmetric PAKE (fuzzy aPAKE), which protects against untrusted servers and supports noisy passwords. We formulate our new notion in the Universal Composability framework of Canetti (FOCS'01), which is the preferred model for password-based primitives. We then show that fuzzy aPAKE can be obtained from oblivious transfer and some variant of robust secret sharing (Cramer et al, EC'15). We achieve security against malicious parties while avoiding expensive tools such as non-interactive zero-knowledge proofs. Our construction is round-optimal, with message and password file sizes that are independent of the schemes error tolerance.

Available format(s)
Cryptographic protocols
Publication info
Key ExchangeaPAKEFuzzinessUniversal Composability
Contact author(s)
siavash riahi @ tu-darmstadt de
2020-08-18: received
Short URL
Creative Commons Attribution


      author = {Andreas Erwig and Julia Hesse and Maximilian Orlt and Siavash Riahi},
      title = {Fuzzy Asymmetric Password-Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2020/987},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.