Search
Close
Search
Advanced Search
Search Menu
AI Discovery Assistant

Abstract

Password-based authenticated key exchange (PAKE) allows two parties to compute a common secret key. PAKE offers the advantage of allowing two parties to pre-share only a password. However, when it is executed in a client–server environment, server corruption can expose the clients’ passwords. To be resilient against server compromises, verifier-based authenticated key exchange (VPAKE) is proposed, as an augmented version of PAKE. Thus far, there are two known major VPAKE constructions formally proven secure. However, both involve strong assumptions, such as random oracles. In this paper, we propose a simple and efficient VPAKE using tamper-proof hardware without random oracles to support resilient infrastructures. In particular, we transform Katz–Vaikuntanathan one-round PAKE into two-round VPAKE so as to instill resilience to server compromises. We provide a formal definition of VPAKE using tamper-proof hardware and security proof without random oracles. Finally, we provide a performance analysis and comparisons to previous VPAKE and PAKE protocols. Our transformation supports an efficient VPAKE protocol with six group element communications when the underlying Katz–Vaikuntanathan PAKE is instantiated by Cramer–Shoup ciphertext following the proposal by Benhamouda et al.

© The British Computer Society 2021. All rights reserved. For permissions, please e-mail: [email protected]
This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://dbpia.nl.go.kr/journals/pages/open_access/funder_policies/chorus/standard_publication_model)
Issue Section:
Articles > Section D: Security in Computer Systems and Networks
You do not currently have access to this article.
Download all slides