Paper 2024/1455

Threshold PAKE with Security against Compromise of all Servers

Yanqi Gu, University of California, Irvine
Stanislaw Jarecki, University of California, Irvine
Pawel Kedzior, University of Warsaw
Phillip Nazarian, University of California, Irvine
Jiayu Xu, Oregon State University
Abstract

We revisit the notion of threshold Password-Authenticated Key Exchange (tPAKE), and we extend it to augmented tPAKE (atPAKE), which protects password information even in the case that all servers are compromised, except for allowing an (inevitable) offline dictionary attack. Compared to prior notions of tPAKE, this is analogous to replacing symmetric PAKE, where the server stores the user's password, with an augmented (or asymmetric) PAKE, like OPAQUE [JKX18], where the server stores a password hash, which can be used only as a target in an offline dictionary search for the password. An atPAKE scheme also strictly improves on the security of an aPAKE, by secret-sharing the password hash among a set of servers. Indeed, our atPAKE protocol is a natural realization of threshold OPAQUE. We formalize atPAKE in the framework of Universal Composability (UC), and show practical ways to realize it. All our schemes are generic compositions which interface to any aPAKE used as a sub-protocol, making them easier to adopt. Our main scheme relies on threshold Oblivious Pseudorandom Function (tOPRF), and our independent contribution fixes a flaw in the UC tOPRF notion of [JKKX17] and upgrades the tOPRF scheme therein to achieve the fixed definition while preserving its minimal cost and round complexity. The technique we use enforces implicit agreement on arbitrary context information within threshold computation, and it is of general interest.
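
The following toy Python sketch is an added illustration of the tOPRF building block the abstract refers to; it is not the paper's protocol and does not include the fix to [JKKX17] that the paper describes. It follows the 2HashDH style: the OPRF key that derives the password hash is Shamir-shared across n servers, any t of them evaluate a blinded input, and the client combines the partial results by Lagrange interpolation in the exponent, so no single server (or any set of fewer than t) holds the key or sees the password. The group (a small safe-prime subgroup), the hash-to-group mapping and all parameters are assumptions chosen for readability, not for real use.

```python
import hashlib
import secrets

# Toy group, assumption for illustration only: safe prime p = 2q + 1 with
# p = 2027, q = 1013; the OPRF works in the order-q subgroup of quadratic
# residues mod p. A deployment would use an elliptic-curve group instead.
P = 2027
Q = 1013

def hash_to_group(pw: bytes) -> int:
    """Map a password to a non-identity element of the order-q subgroup."""
    ctr = 0
    while True:
        h = int.from_bytes(hashlib.sha256(bytes([ctr]) + pw).digest(), "big") % P
        g = pow(h, 2, P)            # squaring lands in the QR subgroup
        if g != 1:
            return g
        ctr += 1

def shamir_share(key: int, t: int, n: int) -> dict:
    """Shamir-share the OPRF key k in Z_q; any t of the n shares reconstruct k."""
    coeffs = [key] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_coeff(i: int, ids) -> int:
    """Lagrange coefficient lambda_i at x = 0 for the index set ids, in Z_q."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def client_blind(pw: bytes):
    """Client side: blind H'(pw) with a fresh random exponent r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(pw), r, P)      # a = H'(pw)^r

def server_eval(k_i: int, blinded: int) -> int:
    """Server i raises the blinded element to its key share; it never sees pw."""
    return pow(blinded, k_i, P)                 # b_i = a^{k_i}

def client_finalize(pw: bytes, r: int, responses: dict) -> bytes:
    """Combine partial results (prod b_i^{lambda_i} = a^k), unblind, and hash."""
    ids = list(responses)
    y = 1
    for i in ids:
        y = y * pow(responses[i], lagrange_coeff(i, ids), P) % P
    v = pow(y, pow(r, -1, Q), P)                # H'(pw)^k, blinding removed
    return hashlib.sha256(pw + v.to_bytes(2, "big")).digest()

def toprf(pw: bytes, shares: dict, ids) -> bytes:
    """Full tOPRF run with the servers listed in ids (at least t of them)."""
    r, a = client_blind(pw)
    return client_finalize(pw, r, {i: server_eval(shares[i], a) for i in ids})

def direct_eval(pw: bytes, k: int) -> bytes:
    """Reference value F_k(pw) computed with the unshared key, for checking."""
    v = pow(hash_to_group(pw), k, P)
    return hashlib.sha256(pw + v.to_bytes(2, "big")).digest()
```

The output of `toprf` is the value an OPAQUE-style client would feed into its password-hash derivation; because it matches `direct_eval` for any t-subset of servers, the password hash is never stored or computed by a single party.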

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2024
Keywords
Threshold PAKE, PAKE, Password Authenticated Key Exchange, Threshold Cryptosystems, Universal Composability
Contact author(s)
yanqig1 @ uci edu
stanislawjarecki @ gmail com
p kedzior @ mimuw edu pl
pnazaria @ uci edu
xujiay @ oregonstate edu
History
2024-09-18: revised
2024-09-18: received
Short URL
https://ia.cr/2024/1455
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1455,
      author = {Yanqi Gu and Stanislaw Jarecki and Pawel Kedzior and Phillip Nazarian and Jiayu Xu},
      title = {Threshold {PAKE} with Security against Compromise of all Servers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1455},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1455}
}