Paper 2022/989

Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key

Jingwei Jiang, Harbin Engineering University
Ding Wang, Nankai University
Guoyin Zhang, Harbin Engineering University
Zhiyuan Chen, Harbin Engineering University

Passwords are the most prevalent authentication mechanism and proliferate on nearly every new web service. As users are overloaded with the tasks of managing dozens even hundreds of passwords, accordingly password-based single-sign-on (SSO) schemes have been proposed. In password-based SSO schemes, the authentication server needs to maintain a sensitive password file, which is an attractive target for compromise and poses a single point of failure. Hence, the notion of password-based threshold authentication (PTA) system has been proposed. However, a static PTA system is threatened by perpetual leakage (e.g., the adversary perpetually compromises servers). In addition, most of the existing PTA schemes are built on the intractability of conventional hard problems and become insecure in the quantum era. In this work, we first propose a threshold oblivious pseudorandom function (TOPRF) to harden the password so that PTA schemes can resist offline password guessing attacks. Then, we employ the threshold homomorphic aggregate signature (THAS) over lattices to construct the first quantum-resistant password-based threshold single-sign-on authentication scheme with the updatable server private key. Our scheme resolves various issues arising from user corruption and server compromise, and it is formally proved secure against quantum adversaries. Comparison results show that our scheme is superior to its counterparts.

Note: V2

Available format(s)
Cryptographic protocols
Publication info
Password Single-Sign-On Threshold Authentication Oblivious Pseudorandom Function Lattice.
Contact author(s)
jiangjingwei @ hrbeu edu cn
wangding @ nankai edu cn
zhangguoyin @ hrbeu edu cn
chenzhiyuan @ hrbeu edu cn
2022-08-03: revised
2022-08-02: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Jingwei Jiang and Ding Wang and Guoyin Zhang and Zhiyuan Chen},
      title = {Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key},
      howpublished = {Cryptology ePrint Archive, Paper 2022/989},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.