Paper 2023/1457

Provable Security Analysis of the Secure Remote Password Protocol

Dennis Dayanikli, Hasso-Plattner-Institute, University of Potsdam
Anja Lehmann, Hasso-Plattner-Institute, University of Potsdam
Abstract

This paper analyses the Secure Remote Password Protocol (SRP) in the context of provable security. SRP is an asymmetric Password-Authenticated Key Exchange (aPAKE) protocol introduced in 1998. It allows a client to establish a shared cryptographic key with a server based on a password of potentially low entropy. Although the protocol was part of several standardization efforts, and is deployed in numerous commercial applications such as Apple Homekit, 1Password or Telegram, it still lacks a formal proof of security. This is mainly due to some of the protocol's design choices which were implemented to circumvent patent issues. Our paper gives the first security analysis of SRP in the universal composability (UC) framework. We show that SRP is UC-secure against passive eavesdropping attacks under the standard CDH assumption in the random oracle model. We then highlight a major protocol change designed to thwart active attacks and propose a new assumption -- the additive Simultaneous Diffie Hellman (aSDH) assumption -- under which we can guarantee security in the presence of an active attacker. Using this new assumption as well as the Gap CDH assumption, we prove security of the SRP protocol against active attacks. Our proof is in the "Angel-based UC framework", a relaxation of the UC framework which gives all parties access to an oracle with super-polynomial power. In our proof, we assume that all parties have access to a DDH oracle (limited to finite fields). We further discuss the plausibility of this assumption and which level of security can be shown without it.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
SRPPAKEasymmetric PAKEPassword AuthenticationKey Exchange
Contact author(s)
dennis dayanikli @ hpi de
anja lehmann @ hpi de
History
2023-09-24: approved
2023-09-22: received
See all versions
Short URL
https://ia.cr/2023/1457
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1457,
      author = {Dennis Dayanikli and Anja Lehmann},
      title = {Provable Security Analysis of the Secure Remote Password Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1457},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1457}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.