Paper 2024/557

Permutation-Based Hash Chains with Application to Password Hashing

Charlotte Lefevre, Radboud University Nijmegen
Bart Mennink, Radboud University Nijmegen
Abstract

Hash chain based password systems are a useful way to guarantee authentication with one-time passwords. The core idea is specified in RFC 1760 as S/Key. At CCS 2017, Kogan et al. introduced T/Key, an improved password system where one-time passwords are only valid for a limited time period. They proved security of their construction in the random oracle model under a basic modeling of the adversary. In this work, we make various advances in the analysis and instantiation of hash chain based password systems. Firstly, we describe a slight generalization called U/Key that allows for more flexibility in the instantiation and analysis, and we develop a security model that refines the adversarial strength into offline and online complexity, that can be used beyond the random oracle model, and that allows to argue multi-user security directly. Secondly, we derive a new security proof of U/Key in the random oracle model, as well as dedicated and tighter security proofs of U/Key instantiated with a sponge construction and a truncated permutation. These dedicated security proofs, in turn, solve a problem of understanding the preimage resistance of a cascaded evaluation of the sponge construction. When applied to T/Key, these results improve significantly over the earlier results: whereas the originally suggested instantiation using SHA-256 uses a compression function that maps 768 bits into 256 bits, with a truncated permutation construction one can generically achieve 128 bits of security already with a permutation of size 256 bits.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2024
Keywords
one-time passwordshash chainT/KeyU/Keysecurity modelspongetruncated permutation
Contact author(s)
charlotte lefevre @ ru nl
b mennink @ cs ru nl
History
2024-11-27: last of 2 revisions
2024-04-10: received
See all versions
Short URL
https://ia.cr/2024/557
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/557,
      author = {Charlotte Lefevre and Bart Mennink},
      title = {Permutation-Based Hash Chains with Application to Password Hashing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/557},
      year = {2024},
      url = {https://eprint.iacr.org/2024/557}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.