Paper 2023/1827

Key Exchange in the Post-Snowden Era: Universally Composable Subversion-Resilient PAKE

Suvradip Chakraborty, VISA Research
Lorenzo Magliocco, Sapienza University of Rome
Bernardo Magri, University of Manchester, Primev
Daniele Venturi, Sapienza University of Rome
Abstract

Password-Authenticated Key Exchange (PAKE) allows two parties to establish a common high-entropy secret from a possibly low-entropy pre-shared secret such as a password. In this work, we provide the first PAKE protocol with subversion resilience in the framework of universal composability (UC), where the latter roughly means that UC security still holds even if one of the two parties is malicious and the honest party's code has been subverted (in an undetectable manner). We achieve this result by sanitizing the PAKE protocol from oblivious transfer (OT) due to Canetti et al. (PKC'12) via cryptographic reverse firewalls in the UC framework (Chakraborty et al., EUROCRYPT'22). This requires new techniques, which help us uncover new cryptographic primitives with sanitation-friendly properties along the way (such as OT, dual-mode cryptosystems, and signature schemes). As an additional contribution, we delve deeper in the backbone of communication required in the subversion-resilient UC framework, extending it to the unauthenticated setting, in line with the work of Barak et al. (CRYPTO'05).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2024
Keywords
PAKEsubversion resilienceuniversal composability
Contact author(s)
suvradip1111 @ gmail com
magliocco @ di uniroma1 it
bernardo magri @ manchester ac uk
venturi @ di uniroma1 it
History
2024-11-24: revised
2023-11-28: received
See all versions
Short URL
https://ia.cr/2023/1827
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1827,
      author = {Suvradip Chakraborty and Lorenzo Magliocco and Bernardo Magri and Daniele Venturi},
      title = {Key Exchange in the Post-Snowden Era: Universally Composable Subversion-Resilient {PAKE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1827},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1827}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.