Paper 2023/1368
Towards post-quantum secure PAKE - A tight security proof for OCAKE in the BPR model
Abstract
We revisit OCAKE (ACNS 23), a generic recipe that constructs password-based authenticated key exchange (PAKE) from key encapsulation mechanisms (KEMs), to allow instantiations with post-quantums KEM like KYBER. The ACNS23 paper left as an open problem to argue security against quantum attackers, with its security proof being in the universal composability (UC) framework. This is common for PAKE, however, at the time of this submission’s writing, it was not known how to prove (computational) UC security against quantum adversaries. Doing this becomes even more involved if the proof uses idealizations like random oracles or ideal ciphers. To pave the way towards post-quantum security proofs, we therefore resort to a (still classical) game-based security proof in the BPR model (EUROCRYPT 2000). We consider this a crucial stepping stone towards a fully satisfying post-quantum security proof. We also hope that a game-based proof is easier to (potentially formally) verify. We prove security of (a minor variation of) OCAKE, assuming the underlying KEM satisfies notions of ciphertext indistinguishability, anonymity, and (computational) public-key uniformity. Using multi-user variants of these properties, we achieve tight security bounds. We provide a full detailed proof – something often omitted in publications on game-based security of PAKE. As a side-contribution, we demonstrate in detail how to handle password guesses, which is something we were unable to find in the existing literature at the time of writing. Finally, we discuss which current PQC KEMs can be plugged into the proposed protocol and provide a concrete instantiation, accompanied by a proof-of-concept implementation and respective run-time benchmarks.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. CANS'24
- Keywords
- Public-key cryptographypassword-based AKEPAKECAKEOCAKEpost-quantum cryptographyROMgame-based security.
- Contact author(s)
-
nouri alnahawi @ h-da de
kathrin @ hoevelmanns net
andreas @ huelsing net
s ritsch @ tue nl
alexander wiesmaier @ h-da de - History
- 2024-07-24: last of 2 revisions
- 2023-09-12: received
- See all versions
- Short URL
- https://ia.cr/2023/1368
- License
-
CC0
BibTeX
@misc{cryptoeprint:2023/1368, author = {Nouri Alnahawi and Kathrin Hövelmanns and Andreas Hülsing and Silvia Ritsch and Alexander Wiesmaier}, title = {Towards post-quantum secure {PAKE} - A tight security proof for {OCAKE} in the {BPR} model}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1368}, year = {2023}, url = {https://eprint.iacr.org/2023/1368} }