Paper 2022/286

Provably Secure Identity-Based Remote Password Registration

Csanád Bertók, Andrea Huszti, Szabolcs Kovács, and Norbert Oláh

Abstract

One of the most significant challenges is the secure user authentication. If it becomes breached, confidentiality and integrity of the data or services may be compromised. The most widespread solution for entity authentication is the password-based scheme. It is easy to use and deploy. During password registration typically users create or activate their account along with their password through their verification email, and service providers are authenticated based on their SSL/TLS certificate. We propose a password registration scheme based on identity-based cryptography, i.e. both the user and the service provider are authenticated by their short-lived identity-based secret key. For secure storage a bilinear map with a salt is applied, therefore in case of an offline attack the adversary is forced to calculate a computationally expensive bilinear map for each password candidate and salt that slows down the attack. New adversarial model with new secure password registration scheme are introduced. We show that the proposed protocol is based on the assumptions that Bilinear Diffie-Hellman problem is computationally infeasible, bilinear map is a one-way function and Mac is existentially unforgeable under an adaptive chosen-message attack.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
identity-based cryptographypassword registrationprovable securityblind registration
Contact author(s)
bertok csanad @ inf unideb hu
History
2022-03-07: received
Short URL
https://ia.cr/2022/286
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/286,
      author = {Csanád Bertók and Andrea Huszti and Szabolcs Kovács and Norbert Oláh},
      title = {Provably Secure Identity-Based Remote Password Registration},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/286},
      year = {2022},
      url = {https://eprint.iacr.org/2022/286}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.