Universally Composable Two-Server PAKE

Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols for which game-based and universally composable versions have been proposed. In contrast, universally composable PAKE protocols exist currently only in the single-server scenario and all proposed 2PAKE protocols use game-based security definitions.

[1]  David Pointcheval,et al.  Removing Erasures with Explainable Hash Proof Systems , 2017, IACR Cryptol. ePrint Arch..

[2]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[3]  Craig Gentry,et al.  A Method for Making Password-Based Key Exchange Resilient to Server Compromise , 2006, CRYPTO.

[4]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[5]  Michael Szydlo,et al.  Proofs for Two-Server Password Authentication , 2005, CT-RSA.

[6]  Markus Jakobsson,et al.  Threshold Password-Authenticated Key Exchange , 2002, Journal of Cryptology.

[7]  Jan Camenisch,et al.  Efficient Blind Signatures Without Random Oracles , 2004, SCN.

[8]  Robert H. Deng,et al.  A practical password-based two-server authentication and key exchange system , 2006, IEEE Transactions on Dependable and Secure Computing.

[9]  Aggelos Kiayias,et al.  Round-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only Model , 2014, ASIACRYPT.

[10]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[11]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[12]  Jonathan Katz,et al.  Two-server password-only authenticated key exchange , 2005, J. Comput. Syst. Sci..

[13]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[14]  Jonathan Katz,et al.  Round-Optimal Password-Based Authenticated Key Exchange , 2011, Journal of Cryptology.

[15]  Atsuko Miyaji,et al.  Characterization of Elliptic Curve Traces under FR-Reduction , 2000, ICISC.

[16]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[17]  Jan Camenisch,et al.  Practical yet universally composable two-server password-authenticated secret sharing , 2012, CCS.

[18]  Yehuda Lindell,et al.  Universally Composable Password-Based Key Exchange , 2005, EUROCRYPT.

[19]  Ran Canetti,et al.  Universally composable signature, certification, and authentication , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[20]  Yehuda Lindell,et al.  Protocol Initialization for the Framework of Universal Composability , 2004, IACR Cryptol. ePrint Arch..

[21]  David Pointcheval,et al.  Smooth Projective Hashing for Conditionally Extractable Commitments , 2009, CRYPTO.

[22]  Jan Camenisch,et al.  Practical Group Signatures without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[23]  Rosario Gennaro,et al.  Provably secure threshold password-authenticated key exchange , 2003, J. Comput. Syst. Sci..

[24]  Duncan S. Wong,et al.  An Efficient Password-Only Two-Server Authenticated Key Exchange System , 2007, ICICS.

[25]  David Pointcheval,et al.  Verifier-Based Password-Authenticated Key Exchange: New Models and Constructions , 2013, IACR Cryptol. ePrint Arch..

[26]  David Pointcheval,et al.  SPHF-Friendly Non-interactive Commitments , 2013, ASIACRYPT.

[27]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[28]  Stanislaw Jarecki,et al.  Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures , 2000, EUROCRYPT.

[29]  Jan Camenisch,et al.  Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions , 2015, Public Key Cryptography.

[30]  Thomas Wu,et al.  The SRP Authentication and Key Exchange System , 2000, RFC.

[31]  David Pointcheval,et al.  Trapdoor Smooth Projective Hash Functions , 2013, IACR Cryptol. ePrint Arch..

[32]  David Pointcheval,et al.  New Techniques for SPHFs and Efficient One-Round PAKE Protocols , 2013, IACR Cryptol. ePrint Arch..

[33]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[34]  Matthew Green,et al.  Correlation-Resistant Storage via Keyword-Searchable Encryption , 2005, IACR Cryptol. ePrint Arch..

[35]  Franziskus Kiefer,et al.  Distributed Smooth Projective Hashing and Its Application to Two-Server Password Authenticated Key Exchange , 2014, ACNS.

[36]  Ari Juels,et al.  A New Two-Server Approach for Authentication with Short Secrets , 2003, USENIX Security Symposium.

[37]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[38]  Yehuda Lindell,et al.  A Framework for Password-Based Authenticated Key Exchange , 2003, EUROCRYPT.