Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security

ISC 2016: Information Security pp 147–166Cite as

Universally Composable Two-Server PAKE

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9866))

Abstract

Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols for which game-based and universally composable versions have been proposed. In contrast, universally composable PAKE protocols exist currently only in the single-server scenario and all proposed 2PAKE protocols use game-based security definitions.

In this paper we propose the first construction of an universally composable 2PAKE protocol, alongside with its ideal functionality. The protocol is proven UC-secure in the standard model, assuming a common reference string which is a common assumption to many UC-secure PAKE and PASS protocols. The proposed protocol remains secure for arbitrary password distributions. As one of the building blocks we define and construct a new cryptographic primitive, called Trapdoor Distributed Smooth Projective Hash Function (TD-SPHF), which could be of independent interest.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Zero-knowledge languages L are independent from the smooth projective hashing languages introduced in Sect. 2.1.

  2. 2.

    Note that \(\tau '\) is a different trapdoor than the CRS trapdoor \(\tau \).

References

  1. Abdalla, M., Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D.: SPHF-friendly non-interactive commitments. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 214–234. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Abdalla, M., Benhamouda, F., Pointcheval, D.: Removing Erasures with Explainable Hash Proof Systems. Cryptology ePrint Archive, Report 2014/125 (2014)

    Google Scholar 

  3. Abdalla, M., Chevalier, C., Pointcheval, D.: Smooth projective hashing for conditionally extractable commitments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 671–689. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Ateniese, G., Camenisch, J., Hohenberger, S., de Medeiros, B.: Practical group signatures without random oracles. Cryptology ePrint Archive, 2005:385 (2005)

    Google Scholar 

  6. Ballard, L., Green, M., de Medeiros, B., Monrose, F.: Correlation-resistant storage via keyword-searchable encryption. Cryptology ePrint Archive, 2005:417 (2005)

    Google Scholar 

  7. Barak, B., Lindell, Y., Rabin, T.: Protocol Initialization for the Framework of Universal Composability. Cryptology ePrint Archive, 2004:6 (2004)

    Google Scholar 

  8. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: ACM CCS 1993, pp. 244–250. ACM (1993)

    Google Scholar 

  10. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  11. Benhamouda, F., Pointcheval, D.: Verifier-based password-authenticated key exchange: New models and constructions. Cryptology ePrint Archive, 2013:833 (2013)

    Google Scholar 

  12. Brainard, J., Juels, A.: A new two-server approach for authentication with short secrets. In: USENIX03 (2003)

    Google Scholar 

  13. Camenisch, J., Enderlein, R.R., Neven, G.: Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions. Cryptology ePrint Archive, 2015:006 (2015)

    Google Scholar 

  14. Camenisch, J., Lysyanskaya, A., Neven, G.: Practical yet universally composable two-server password-authenticated secret sharing, pp. 525–536. ACM (2012)

    Google Scholar 

  15. Canetti, R., Security, U.C.: A new paradigm for cryptographic protocols. In: FOCS 2001, p. 136. IEEE CS, Washington, DC, USA (2001)

    Google Scholar 

  16. Canetti, R.: Universally composable signature, certification, and authentication. In: CSFW 2004, p. 219. IEEE CS (2004)

    Google Scholar 

  17. Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  19. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  20. Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  21. Damgård, I.B.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  22. Gentry, C., MacKenzie, P.D., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142–159. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  23. hashcat. hashcat - advanced password recovery (2014). http://hashcat.net/. Accessed 1 Dec 2014

  24. Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 233–253. Springer, Heidelberg (2014)

    Google Scholar 

  25. Jarecki, S., Lysyanskaya, A.: Adaptively secure threshold cryptography: introducing concurrency, removing erasures (Extended Abstract). In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 221–242. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  26. Jin, H., Wong, D.S., Xu, Y.: An efficient password-only two-server authenticated key exchange system. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 44–56. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Katz, J., MacKenzie, P.D., Taban, G., Gligor, V.D.: Two-server password-only authenticated key exchange. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 1–16. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  28. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  29. Kiefer, F., Manulis, M.: Distributed smooth projective hashing and its application to two-server password authenticated key exchange. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 199–216. Springer, Heidelberg (2014)

    Google Scholar 

  30. MacKenzie, P., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. In: CRYPTO 2002, p. 141 (2002)

    Google Scholar 

  31. Openwall. John the Ripper password cracker (2014). http://www.openwall.com/john/. Accessed 1 Dec 2014

  32. Raimondo, M.D., Gennaro, R.: Provably secure threshold password-authenticated key exchange. In: EUROCRYPT 2003, p. 507523 (2003)

    Google Scholar 

  33. Szydlo, M., Kaliski, B.: Proofs for two-server password authentication. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 227–244. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  34. Wu, T.: RFC 2945 - The SRP Authentication and Key Exchange System, September 2000

    Google Scholar 

  35. Yang, Y., Deng, R., Bao, F.: A practical password-based two-server authentication and key exchange system. IEEE TDSC 3(2), 105–114 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Mozilla, Berlin, Germany

    Franziskus Kiefer

  2. Department of Computer Science, Surrey Center for Cyber Security, University of Surrey, Guildford, UK

    Mark Manulis

Authors
  1. Franziskus Kiefer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Manulis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Franziskus Kiefer .

Editor information

Editors and Affiliations

  1. University of California , Davies, USA

    Matt Bishop

  2. University of Washington , Tacoma, Washington, USA

    Anderson C A Nascimento

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kiefer, F., Manulis, M. (2016). Universally Composable Two-Server PAKE. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-45871-7_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45870-0

  • Online ISBN: 978-3-319-45871-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation