Paper 2024/569

An overview of symmetric fuzzy PAKE protocols

Johannes Ottenhues, University of St. Gallen
Abstract

Fuzzy password authenticated key exchange (fuzzy PAKE) protocols enable two parties to securely exchange a session-key for further communication. The parties only need to share a low entropy password. The passwords do not even need to be identical, but can contain some errors. This may be due to typos, or because the passwords were created from noisy biometric readings. In this paper we provide an overview and comparison of existing fuzzy PAKE protocols. Furthermore, we analyze certain security properties of these protocols and argue that the protocols can be expected to be slightly more secure in practice than can be inferred from their theoretical guarantees.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. GI-Edition Lecture Notes in Informatics
Keywords
Cryptographic ProtocolsKey-ExchangeFuzzy PAKEBiometrics
Contact author(s)
johannes ottenhues @ posteo org
History
2024-04-12: approved
2024-04-12: received
See all versions
Short URL
https://ia.cr/2024/569
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2024/569,
      author = {Johannes Ottenhues},
      title = {An overview of symmetric fuzzy {PAKE} protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/569},
      year = {2024},
      url = {https://eprint.iacr.org/2024/569}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.