Paper 2023/324

LATKE: An identity-binding PAKE from lattice assumptions

Michael Rosenberg, University of Maryland, College Park
Abstract

In a recent work, Cremers, Naor, Paz, and Ronen (CRYPTO '22) point out the problem of catastrophic impersonation in balanced password authenticated key exchange protocols (PAKEs). Namely, in a balanced PAKE, when a single party is compromised, the attacker learns the password and can subsequently impersonate anyone to anyone using the same password. The authors of the work present two solutions to this issue: CHIP, an identity-binding PAKE (iPAKE), and CRISP, a strong identity-binding PAKE (siPAKE). These constructions prevent the impersonation attack by generating a secret key on setup that is inextricably tied to the party's identity, and then deleting the password. Thus, upon compromise, all an attacker can immediately do is impersonate the victim. The strong variant goes further, preventing attackers from performing any precomputation before the compromise occurs. In this work we present LATKE, an iPAKE from lattice assumptions in the random oracle model. In order to achieve security and correctness, we must make changes to CHIP's primitives, security models, and protocol structure.

Note: We discovered an error in the composition of the two primary components of the LATKE construction, yielding a significant key recovery attack. We have added a disclaimer on the first page of this version explaining the error. This shortcoming will be fixed in a future version of this paper.

Metadata
Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: key agreement; password-based cryptography; IIoT; post-quantum cryptography
Contact author(s): micro @ cs umd edu
History:
2023-06-20: revised
2023-03-05: received
Short URL: https://ia.cr/2023/324
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2023/324,
      author = {Michael Rosenberg},
      title = {LATKE: An identity-binding PAKE from lattice assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2023/324},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/324}},
      url = {https://eprint.iacr.org/2023/324}
}