Two-Round Password-Based Authenticated Key Exchange from Lattices

Password-based authenticated key exchange (PAKE) allows participants sharing low-entropy passwords to agree on cryptographically strong session keys over insecure networks. In this paper, we present two PAKE protocols from lattices, in the two-party and three-party settings respectively, which can resist quantum attacks and achieve mutual authentication. The protocols achieve two rounds of communication by carefully utilizing the splittable properties of the underlying primitive, a CCA (chosen-ciphertext attack)-secure public key encryption (PKE) scheme with an associated nonadaptive approximate smooth projection hash (NA-ASPH) system. Compared with other related protocols, the proposed two-round PAKE protocols have relatively lower communication and computation overhead. In particular, the two-round 3PAKE is more practical in large-scale communication systems.
