Paper 2021/114
Security Analysis of CPace
Michel Abdalla and Björn Haase and Julia Hesse
Abstract
In response to standardization requests regarding password-authenticated key exchange (PAKE) protocols, the IRTF working group CFRG has setup a PAKE selection process in 2019, which led to the selection of the CPace protocol in the balanced setting, in which parties share a common password. In this paper, we provide a security analysis of CPace in the universal composability framework for implementations on elliptic-curve groups. When doing so, we restrict the use of random oracles to hash functions only and refrain from modeling CPace's MapToPoint function that maps field elements to curve points as an idealized function. As a result, CPace can be proven secure under standard complexity assumptions in the random-oracle model. Finally, in order to extend our proofs to different CPace variants optimized for specific environments, we employ a new approach, which represents the assumptions required by the proof as libraries which a simulator can access. By allowing for the modular replacement of assumptions used in the proof, this new approach avoids a repeated analysis of unchanged protocol parts and lets us efficiently analyze the security guarantees of all the different CPace variants.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- Password authenticationuniversal composabilityPAKE
- Contact author(s)
- michel abdalla @ ens fr,bjoern m haase @ web de,juliahesse2 @ gmail com
- History
- 2021-10-11: last of 3 revisions
- 2021-02-01: received
- See all versions
- Short URL
- https://ia.cr/2021/114
- License
-
CC BY