Post-Quantum Secure Remote Password Protocol from RLWE Problem

Secure Remote Password (SRP) protocol is an augmented Password-based Authenticated Key Exchange (PAKE) protocol based on discrete logarithm problem (DLP) with various attractive security features. Compared with basic PAKE protocols, SRP does not require server to store user’s password and user does not send password to server to authenticate. These features are desirable for secure client-server applications. SRP has gained extensive real-world deployment, including Apple iCloud, 1Password etc. However, with the advent of quantum computer and Shor’s algorithm, classic DLP-based public key cryptography algorithms are no longer secure, including SRP. Motivated by importance of SRP and threat from quantum attacks, we propose a RLWE-based SRP protocol (RLWE-SRP) which inherit advantages from SRP and elegant design from RLWE key exchange. We also present parameter choice and efficient portable C++ implementation of RLWE-SRP. Implementation of our 209-bit secure RLWE-SRP is more than 3x faster than 112-bit secure original SRP protocol, 5.5x faster than 80-bit secure J-PAKE and 14x faster than two 184-bit secure RLWE-based PAKE protocols with more desired properties.

[1]  Jintai Ding,et al.  A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem , 2012, IACR Cryptol. ePrint Arch..

[2]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[3]  Noah Stephens-Davidowitz,et al.  Discrete Gaussian Sampling Reduces to CVP and SVP , 2015, SODA.

[4]  Erdem Alkim,et al.  Post-quantum Key Exchange - A New Hope , 2016, USENIX Security Symposium.

[5]  Feng Hao,et al.  Password Authenticated Key Exchange by Juggling , 2008, Security Protocols Workshop.

[6]  Tancrède Lepoint,et al.  NFLlib: NTT-Based Fast Lattice Library , 2016, CT-RSA.

[7]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[8]  Jonathan Katz,et al.  Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices , 2009, ASIACRYPT.

[9]  Jintai Ding,et al.  Authenticated Key Exchange from Ideal Lattices , 2015, EUROCRYPT.

[10]  Rasool Jalili,et al.  FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes , 2014, Adv. Math. Commun..

[11]  Craig Costello,et al.  Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE , 2016, IACR Cryptol. ePrint Arch..

[12]  Giacomo Micheli Cryptanalysis of a noncommutative key exchange protocol , 2015, Adv. Math. Commun..

[13]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[14]  Craig Costello,et al.  Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem , 2015, 2015 IEEE Symposium on Security and Privacy.

[15]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[16]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[17]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[18]  L. H. Rotger,et al.  Discrete logarithm like problems and linear recurring sequences , 2013, Adv. Math. Commun..

[19]  Martin R. Albrecht,et al.  On the concrete hardness of Learning with Errors , 2015, J. Math. Cryptol..

[20]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[21]  David Taylor,et al.  Using the Secure Remote Password (SRP) Protocol for TLS Authentication , 2007, RFC.

[22]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[23]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[24]  Chris Peikert,et al.  Lattice Cryptography for the Internet , 2014, PQCrypto.

[25]  Jintai Ding,et al.  Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World , 2017, CT-RSA.

[26]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[27]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.