Efficient Password-Authenticated Key Exchange from RLWE Based on Asymmetric Key Consensus

A password-authenticated key exchange (PAKE) protocol allows two entities sharing a password to perform mutual authentication and establish a session key. Because it relies on a low-entropy, human-memorable password, PAKE avoids the use of PKI in the authentication process, making it more flexible and cheaper. However, with the development of quantum computing, protocols based on classical assumptions will no longer be secure, so designing a PAKE protocol capable of resisting quantum attacks has become an important research direction. In this work, we propose an efficient PAKE protocol using a new error reconciliation mechanism based on the ring learning with errors (RLWE) problem, which is considered to resist quantum attacks. Our protocol is proven secure under the Bellare-Pointcheval-Rogaway (BPR) model. The protocol is implemented in the C language, which is highly portable, and is also optimized using the Advanced Vector Extensions 2 (AVX2) instruction set. Compared with the C implementation of Ding’s protocol, our reference C implementation is more than 12x faster, and the efficiency is doubled after AVX2 optimization. Moreover, by choosing the appropriate parameters, the security strength of our scheme is improved and the message size is reduced.
