In this paper, we provide a security analysis of CPace in the universal composability framework for implementations on elliptic-curve groups. When doing so, we restrict the use of random oracles to hash functions only and refrain from modeling CPace's MapToPoint function that maps field elements to curve points as an idealized function. As a result, CPace can be proven secure under standard complexity assumptions in the random-oracle model.
Finally, in order to extend our proofs to different CPace variants optimized for specific environments, we employ a new approach, which represents the assumptions required by the proof as libraries which a simulator can access. By allowing for the modular replacement of assumptions used in the proof, this new approach avoids a repeated analysis of unchanged protocol parts and lets us efficiently analyze the security guarantees of all the different CPace variants.
Category / Keywords: cryptographic protocols / Password authentication, universal composability, PAKE Date: received 31 Jan 2021 Contact author: michel abdalla at ens fr,bjoern m haase@web de,juliahesse2@gmail com Available format(s): PDF | BibTeX Citation Version: 20210201:072630 (All versions of this report) Short URL: ia.cr/2021/114