Paper 2021/114
Security Analysis of CPace
Michel Abdalla, Björn Haase, and Julia Hesse
Abstract
In response to standardization requests regarding password-authenticated key exchange (PAKE) protocols, the IRTF working group CFRG has setup a PAKE selection process in 2019, which led to the selection of the CPace protocol in the balanced setting, in which parties share a common password. In subsequent standardization efforts, the CPace protocol further developed, yielding a protocol family whose actual security guarantees in practical settings are not well understood. In this paper, we provide a comprehensive security analysis of CPace in the universal composability framework. Our analysis is realistic in the sense that it captures adaptive corruptions and refrains from modeling CPace's MapToPoint function that maps field elements to curve points as an idealized function. In order to extend our proofs to different CPace variants optimized for specific elliptic-curve ecosystems, we employ a new approach which represents the assumptions required by the proof as libraries accessed by a simulator. By allowing for the modular replacement of assumptions used in the proof, this new approach avoids a repeated analysis of unchanged protocol parts and lets us efficiently analyze the security guarantees of all the different CPace variants. As a result of our analysis, all of the investigated practical CPace variants enjoy adaptive UC security.
Note: Added appendix with game-based proof.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in ASIACRYPT 2021
- Keywords
- Password authenticationuniversal composabilityPAKE
- Contact author(s)
-
michel abdalla @ gmail com
bjoern m haase @ web de
juliahesse2 @ gmail com - History
- 2021-10-11: last of 3 revisions
- 2021-02-01: received
- See all versions
- Short URL
- https://ia.cr/2021/114
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/114, author = {Michel Abdalla and Björn Haase and Julia Hesse}, title = {Security Analysis of {CPace}}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/114}, year = {2021}, url = {https://eprint.iacr.org/2021/114} }