Paper 2024/557
Permutation-Based Hash Chains with Application to Password Hashing
Abstract
Hash chain based password systems are a useful way to guarantee authentication with one-time passwords. The core idea is specified in RFC 1760 as S/Key. At CCS 2017, Kogan et al. introduced T/Key, an improved password system where one-time passwords are only valid for a limited time period. They proved security of their construction in the random oracle model under a basic modeling of the adversary. In this work, we make various advances in the analysis and instantiation of hash chain based password systems. Firstly, we describe a slight generalization called U/Key that allows for more flexibility in the instantiation and analysis, and we develop a security model that refines the adversarial strength into offline and online complexity, that can be used beyond the random oracle model, and that allows to argue multi-user security directly. Secondly, we derive a new security proof of U/Key in the random oracle model, as well as dedicated and tighter security proofs of U/Key instantiated with a sponge construction and a truncated permutation. These dedicated security proofs, in turn, solve a problem of understanding the preimage resistance of a cascaded evaluation of the sponge construction. When applied to T/Key, these results improve significantly over the earlier results: whereas the originally suggested instantiation using SHA-256 uses a compression function that maps 768 bits into 256 bits, with a truncated permutation construction one can generically achieve 128 bits of security already with a permutation of size 256 bits.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published by the IACR in TOSC 2024
- Keywords
- one-time passwordshash chainT/KeyU/Keysecurity modelspongetruncated permutation
- Contact author(s)
-
charlotte lefevre @ ru nl
b mennink @ cs ru nl - History
- 2024-11-27: last of 2 revisions
- 2024-04-10: received
- See all versions
- Short URL
- https://ia.cr/2024/557
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/557, author = {Charlotte Lefevre and Bart Mennink}, title = {Permutation-Based Hash Chains with Application to Password Hashing}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/557}, year = {2024}, url = {https://eprint.iacr.org/2024/557} }