Paper 2023/1434

An Efficient Strong Asymmetric PAKE Compiler Instantiable from Group Actions

Ian McQuoid, Oregon State University
Jiayu Xu, Oregon State University
Abstract

Password-authenticated key exchange (PAKE) is a class of protocols enabling two parties to convert a shared (possibly low-entropy) password into a high-entropy joint session key. Strong asymmetric PAKE (saPAKE), an extension that models the client-server setting where servers may store a client's password for repeated authentication, was the subject of standardization efforts by the IETF in 2019-20. In this work, we present the most computationally efficient saPAKE protocol so far: a compiler from PAKE to saPAKE which costs only 2 messages and 7 group exponentiations in total (3 for client and 4 for server) when instantiated with suitable underlying PAKE protocols. In addition to being efficient, our saPAKE protocol is conceptually simple and achieves the strongest notion of universally composable (UC) security. In addition to classical assumptions and classical PAKE, we may instantiate our PAKE-to-saPAKE compiler with cryptographic group actions, such as the isogeny-based CSIDH, and post-quantum PAKE. This yields the first saPAKE protocol from post-quantum assumptions, as all previous constructions rely on cryptographic assumptions vulnerable to Shor's algorithm.

Note: Corrected several minor typos

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Contact author(s)
mcquoidi @ oregonstate edu
xujiay @ oregonstate edu
History
2023-10-06: revised
2023-09-21: received
Short URL
https://ia.cr/2023/1434
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1434,
      author = {Ian McQuoid and Jiayu Xu},
      title = {An Efficient Strong Asymmetric {PAKE} Compiler Instantiable from Group Actions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1434},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1434}
}