Paper 2023/1434
An Efficient Strong Asymmetric PAKE Compiler Instantiable from Group Actions
Abstract
Password-authenticated key exchange (PAKE) is a class of protocols enabling two parties to convert a shared (possibly low-entropy) password into a high-entropy joint session key. Strong asymmetric PAKE (saPAKE), an extension that models the client-server setting where servers may store a client's password for repeated authentication, was the subject of standardization efforts by the IETF in 2019-20. In this work, we present the most computationally efficient saPAKE protocol so far: a compiler from PAKE to saPAKE which costs only 2 messages and 7 group exponentiations in total (3 for client and 4 for server) when instantiated with suitable underlying PAKE protocols. In addition to being efficient, our saPAKE protocol is conceptually simple and achieves the strongest notion of universally composable (UC) security. In addition to classical assumptions and classical PAKE, we may instantiate our PAKE-to-saPAKE compiler with cryptographic group actions, such as the isogeny-based CSIDH, and post-quantum PAKE. This yields the first saPAKE protocol from post-quantum assumptions as all previous constructions rely on cryptographic assumptions weak to Shor's algorithm.
Note: Corrected several minor typos
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in ASIACRYPT 2023
- Contact author(s)
-
mcquoidi @ oregonstate edu
xujiay @ oregonstate edu - History
- 2023-10-06: revised
- 2023-09-21: received
- See all versions
- Short URL
- https://ia.cr/2023/1434
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1434,
author = {Ian McQuoid and Jiayu Xu},
title = {An Efficient Strong Asymmetric {PAKE} Compiler Instantiable from Group Actions},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1434},
year = {2023},
url = {https://eprint.iacr.org/2023/1434}
}
