Paper 2024/1455
Threshold PAKE with Security against Compromise of all Servers
Abstract
We revisit the notion of threshold Password-Authenticated Key Exchange (tPAKE), and we extend it to augmented tPAKE (atPAKE), which protects password information even in the case all servers are compromised, except for allowing an (inevitable) offline dictionary attack. Compared to prior notions of tPAKE this is analogous to replacing symmetric PAKE, where the server stores the user's password, with an augmented (or asymmetric) PAKE, like OPAQUE [JKX18], where the server stores a password hash, which can be used only as a target in an offline dictionary search for the password. An atPAKE scheme also strictly improves on the security of an aPAKE, by secret-sharing the password hash among a set of servers. Indeed, our atPAKE protocol is a natural realization of threshold OPAQUE. We formalize atPAKE in the framework of Universal Composability (UC), and show practical ways to realize it. All our schemes are generic compositions which interface to any aPAKE used as a sub-protocol, making them easier to adopt. Our main scheme relies on threshold Oblivious Pseudorandom Function (tOPRF), and our independent contribution fixes a flaw in the UC tOPRF notion of [JKKX17] and upgrades the tOPRF scheme therein to achieve the fixed definition while preserving its minimal cost and round complexity. The technique we use enforces implicit agreement on arbitrary context information within threshold computation, and it is of general interest.
Metadata
- Category: Cryptographic protocols
- Publication info: A major revision of an IACR publication in ASIACRYPT 2024
- Keywords: Threshold PAKE, PAKE, Password Authenticated Key Exchange, Threshold Cryptosystems, Universal Composability
- Contact author(s):
  - yanqig1 @ uci edu
  - stanislawjarecki @ gmail com
  - p kedzior @ mimuw edu pl
  - pnazaria @ uci edu
  - xujiay @ oregonstate edu
- History:
  - 2024-09-18: revised
  - 2024-09-18: received
- Short URL: https://ia.cr/2024/1455
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1455,
      author = {Yanqi Gu and Stanislaw Jarecki and Pawel Kedzior and Phillip Nazarian and Jiayu Xu},
      title = {Threshold {PAKE} with Security against Compromise of all Servers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1455},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1455}
}