Paper 2023/1368

Towards post-quantum secure PAKE - A tight security proof for OCAKE in the BPR model

Nouri Alnahawi, Hochschule Darmstadt
Kathrin Hövelmanns, Eindhoven University of Technology
Andreas Hülsing, Eindhoven University of Technology
Silvia Ritsch, Eindhoven University of Technology
Alexander Wiesmaier, Hochschule Darmstadt
Abstract

We revisit OCAKE (ACNS 23), a generic recipe that constructs password-based authenticated key exchange (PAKE) from key encapsulation mechanisms (KEMs), to allow instantiations with post-quantums KEM like KYBER. The ACNS23 paper left as an open problem to argue security against quantum attackers, with its security proof being in the universal composability (UC) framework. This is common for PAKE, however, at the time of this submission’s writing, it was not known how to prove (computational) UC security against quantum adversaries. Doing this becomes even more involved if the proof uses idealizations like random oracles or ideal ciphers. To pave the way towards post-quantum security proofs, we therefore resort to a (still classical) game-based security proof in the BPR model (EUROCRYPT 2000). We consider this a crucial stepping stone towards a fully satisfying post-quantum security proof. We also hope that a game-based proof is easier to (potentially formally) verify. We prove security of (a minor variation of) OCAKE, assuming the underlying KEM satisfies notions of ciphertext indistinguishability, anonymity, and (computational) public-key uniformity. Using multi-user variants of these properties, we achieve tight security bounds. We provide a full detailed proof – something often omitted in publications on game-based security of PAKE. As a side-contribution, we demonstrate in detail how to handle password guesses, which is something we were unable to find in the existing literature at the time of writing. Finally, we discuss which current PQC KEMs can be plugged into the proposed protocol and provide a concrete instantiation, accompanied by a proof-of-concept implementation and respective run-time benchmarks.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CANS'24
Keywords
Public-key cryptographypassword-based AKEPAKECAKEOCAKEpost-quantum cryptographyROMgame-based security.
Contact author(s)
nouri alnahawi @ h-da de
kathrin @ hoevelmanns net
andreas @ huelsing net
s ritsch @ tue nl
alexander wiesmaier @ h-da de
History
2024-07-24: last of 2 revisions
2023-09-12: received
See all versions
Short URL
https://ia.cr/2023/1368
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/1368,
      author = {Nouri Alnahawi and Kathrin Hövelmanns and Andreas Hülsing and Silvia Ritsch and Alexander Wiesmaier},
      title = {Towards post-quantum secure {PAKE} - A tight security proof for {OCAKE} in the {BPR} model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1368},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1368}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.